summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/ChangeLog-2011798
-rw-r--r--doc/DETAILS1299
-rw-r--r--doc/FAQ13
-rw-r--r--doc/HACKING200
-rw-r--r--doc/KEYSERVER83
-rw-r--r--doc/Makefile.am150
-rw-r--r--doc/Makefile.in1029
-rw-r--r--doc/OpenPGP108
-rw-r--r--doc/TRANSLATE62
-rw-r--r--doc/com-certs.pem484
-rw-r--r--doc/contrib.texi106
-rw-r--r--doc/debugging.texi277
-rw-r--r--doc/examples/README9
-rw-r--r--doc/examples/gpgconf.conf63
-rw-r--r--doc/examples/pwpattern.list48
-rwxr-xr-xdoc/examples/scd-event102
-rw-r--r--doc/examples/trustlist.txt66
-rw-r--r--doc/glossary.texi72
-rw-r--r--doc/gnupg-card-architecture.eps1003
-rw-r--r--doc/gnupg-card-architecture.fig419
-rw-r--r--doc/gnupg-card-architecture.pdfbin0 -> 19685 bytes
-rw-r--r--doc/gnupg-card-architecture.pngbin0 -> 15022 bytes
-rw-r--r--doc/gnupg-logo.eps2704
-rw-r--r--doc/gnupg-logo.pdfbin0 -> 11736 bytes
-rw-r--r--doc/gnupg-logo.pngbin0 -> 8988 bytes
-rw-r--r--doc/gnupg.info178
-rw-r--r--doc/gnupg.info-17752
-rw-r--r--doc/gnupg.info-22125
-rw-r--r--doc/gnupg.texi222
-rw-r--r--doc/gnupg7.texi31
-rw-r--r--doc/gpg-agent.texi1386
-rw-r--r--doc/gpg.texi3394
-rw-r--r--doc/gpgsm.texi1458
-rw-r--r--doc/gpgv.texi163
-rw-r--r--doc/gpl.texi725
-rw-r--r--doc/help.be.txt286
-rw-r--r--doc/help.ca.txt286
-rw-r--r--doc/help.cs.txt286
-rw-r--r--doc/help.da.txt286
-rw-r--r--doc/help.de.txt279
-rw-r--r--doc/help.el.txt286
-rw-r--r--doc/help.eo.txt286
-rw-r--r--doc/help.es.txt251
-rw-r--r--doc/help.et.txt286
-rw-r--r--doc/help.fi.txt256
-rw-r--r--doc/help.fr.txt256
-rw-r--r--doc/help.gl.txt286
-rw-r--r--doc/help.hu.txt257
-rw-r--r--doc/help.id.txt251
-rw-r--r--doc/help.it.txt251
-rw-r--r--doc/help.ja.txt286
-rw-r--r--doc/help.nb.txt286
-rw-r--r--doc/help.pl.txt250
-rw-r--r--doc/help.pt.txt253
-rw-r--r--doc/help.pt_BR.txt253
-rw-r--r--doc/help.ro.txt251
-rw-r--r--doc/help.ru.txt250
-rw-r--r--doc/help.sk.txt254
-rw-r--r--doc/help.sv.txt286
-rw-r--r--doc/help.tr.txt242
-rw-r--r--doc/help.txt372
-rw-r--r--doc/help.zh_CN.txt233
-rw-r--r--doc/help.zh_TW.txt245
-rw-r--r--doc/howto-create-a-server-cert.texi288
-rw-r--r--doc/howtos.texi15
-rw-r--r--doc/instguide.texi91
-rw-r--r--doc/opt-homedir.texi10
-rw-r--r--doc/qualified.txt243
-rw-r--r--doc/samplekeys.asc939
-rw-r--r--doc/scdaemon.texi731
-rw-r--r--doc/see-also-note.texi14
-rw-r--r--doc/specify-user-id.texi171
-rw-r--r--doc/stamp-vti4
-rw-r--r--doc/sysnotes.texi86
-rw-r--r--doc/texi.css6
-rw-r--r--doc/tools.texi1899
-rw-r--r--doc/version.texi4
-rw-r--r--doc/yat2m.c1360
78 files changed, 39940 insertions, 0 deletions
diff --git a/doc/ChangeLog-2011 b/doc/ChangeLog-2011
new file mode 100644
index 0000000..680affa
--- /dev/null
+++ b/doc/ChangeLog-2011
@@ -0,0 +1,798 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-01-13 Werner Koch <wk@g10code.com>
+
+ * FAQ: Make it a static file with a pointer to the online location.
+ * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
+ (FAQ, faq.html): Remove these targets
+
+2010-03-05 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Mention that
+ show-uid-validity does only work with public keys. Noted by
+ Daniel Kahn Gillmor.
+
+2009-08-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Suggested new ordering for --edit-key.
+
+2009-08-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Clarify that
+ personal-foo-preferences overrides recipient preferences (safely).
+
+2009-08-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Document keyserver options
+ check-cert and ca-cert-file.
+
+2009-08-06 Werner Koch <wk@g10code.com>
+
+ * DETAILS: Describe the new INV_SNDR and NO_SNDR..
+
+2009-07-31 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Don't mention
+ --no-sk-comment (doesn't exist any longer).
+
+2009-07-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): LDAP uses DNS-SD to locate
+ a server before falling back to keys.{domain}.
+
+2009-07-23 Werner Koch <wk@g10code.com>
+
+ * help.txt (gpgsm.crl-problem): New.
+
+2009-07-22 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi, instguide.texi, gpgsm.texi, sysnotes.texi
+ * glossary.texi, howto-create-a-server-cert.texi, tools.texi
+ * gpg-agent.texi, gpg.texi, debugging.texi: Typo fixes. Reported
+ by Jeroen Schot. Fixes bug#1093.
+
+ * gpg.texi (GPG Configuration Options): Tell what files to backup.
+ * sysnotes.texi: Remove some warning notes for W32.
+
+2009-07-20 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): Add a note for --send-keys.
+ Fixes bug#1090.
+
+2009-07-06 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Add a note about corrupted
+ keys in --search-keys.
+
+2009-06-02 Werner Koch <wk@g10code.com>
+
+ * tools.texi (watchgnupg): Typo fix. Fixes bug#1065.
+
+ * gpg-agent.texi (Agent Commands): Update description of --daemon.
+
+2009-05-20 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Explain new meaning of
+ --enable-dsa2.
+
+2009-03-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Document keyserver-options
+ debug.
+
+2009-03-04 Werner Koch <wk@g10code.com>
+
+ * help.txt (gpg.keygen.size): Add a link to web page.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): "merge-only" is an
+ import-option. Reported by Joseph Oreste Bruni.
+
+2009-03-02 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Modernized instructions.
+ (Agent Options): Fix spelling of option --lc-ctype.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ * faq.raw: Fix bug reorting address.
+
+2008-12-12 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (General GPGSM Commands): Fix --help, --version and
+ --warranty wording.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * DETAILS: Clarify the use of "trust" and "validity" as suggested
+ by Daniel Kahn Gillmor. Fix some typos. Remove the outdated
+ sections on packet headers and pipemode. Point to the libgcrypt
+ manual for a description of the key generation.
+
+2008-11-12 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Use Posix $() instead of
+ backticks to avoid rendering problems.
+
+2008-10-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Explain hot to delete the
+ secret key.
+
+2008-10-01 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Controlling gpg-connect-agent): Describe /datafile.
+
+2008-09-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Key Management): Clarify setpref a bit.
+
+2008-08-30 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (write_th): Print a note that this is generated source.
+ (VERSION): Bump up to 1.0.
+
+2008-07-30 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (GPGSM Configuration): Mention com-cert.pem.
+
+2008-06-25 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add new BnetzA certs 12R and 13R.
+ * com-certs.pem: Ditto.
+ * examples/trustlist.txt: Ditto.
+
+2008-06-19 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Listing options): Describe new complect gpgconf type
+ "alias list".
+
+2008-06-16 Werner Koch <wk@g10code.com>
+
+ * DETAILS (group): Document %ask-passphrase.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * gpgv.texi: Minor fixes. Fixes bug#918.
+
+ * opt-homedir.texi: Typo fixes. Fixes bug#917.
+
+2008-05-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Invoking gpgconf): Document --list-dirs.
+
+2008-05-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Invoking gpgconf): Add --dry-run and --check-options.
+ (Checking programs): Document --check-options.
+
+2008-05-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.texi (Operational GPG Commands): Mention the way to change
+ the default signing key.
+
+2008-05-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (myman_pages): Add gpg-zip.1.
+
+ * tools.texi (gpg-zip): Add new section.
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Change subkeys.pgp.net to
+ keys.gnupg.net. Describe --auto-key-locate mechanisms local and
+ nodefault.
+
+2008-04-03 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (proc_texi_cmd): Remove extra apostrophe from @samp and
+ use open and close quote to @file and @env.
+
+2008-04-02 Werner Koch <wk@g10code.com>
+
+ * opt-homedir.texi: Remove special case for Registry key.
+
+ * yat2m.c (proc_texi_cmd): Use the \(aq glyph for @samp. This is
+ bug#898.
+ (proc_texi_buffer): Handle backslashs correctly.
+
+2008-03-27 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (nobase_dist_doc_DATA, dist_html_DATA): New. Move
+ relevant files to here.
+ (install-html-local): Remove.
+
+2008-02-27 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Listing options): Document new types.
+
+2008-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Mention rfc4398.
+
+2008-02-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Tweak mention of Tempest font
+ to add a "claimed" in there.
+
+2008-01-29 Justin Pryzby <jpryzby+d@quoininc.com> (wk)
+
+ * gpg-agent.texi (Agent Options): Grammar fixes
+
+ * qualified.txt: Spelling fixes.
+
+2008-01-28 Justin Pryzby <jpryzby+d@quoininc.com> (wk)
+
+ * gpg-agent.texi, yat2m.c, scdaemon.texi, qualified.txt
+ * tools.texi, gpgsm.texi: Typo fixes and minor grammer fixes.
+
+2008-01-10 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add missing country tag to the last entries.
+ Reported by Marcus Brinkmann.
+
+2008-01-10 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (gpgconf): Some clarifications.
+
+2008-01-02 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): Mention --log-file.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add 2 root certs from S-Trust for 2008-2012.
+ * examples/trustlist.txt: Ditto.
+ * com-certs.pem: Ditto.
+
+ * gpgsm.texi (Esoteric Options): Document --extra-digest-algo.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: Typo fixes. From Christer Andersson.
+
+2007-12-04 Werner Koch <wk@g10code.com>
+
+ * help.txt: New online help file.
+ * help.be.txt, help.ca.txt, help.cs.txt, help.da.txt, help.de.txt
+ * help.el.txt, help.eo.txt, help.es.txt, help.et.txt, help.fi.txt
+ * help.fr.txt, help.gl.txt, help.hu.txt, help.id.txt, help.it.txt
+ * help.ja.txt, help.nb.txt, help.pl.txt, help.pt.txt
+ * help.pt_BR.txt, help.ro.txt, help.ru.txt, help.sk.txt
+ * help.sv.txt, help.tr.txt, help.zh_CN.txt, help.zh_TW.txt: New
+ online file, generated from teh current po files.
+ * Makefile.am (dist_pkgdata_DATA): Add them.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): English Grammar fix.
+ Thanks to Gerg Troxel.
+
+ * gpgsm.texi (Certificate Options): Document
+ --auto-issuer-key-retrieve.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.
+
+ * gpg-agent.texi (Agent Options): Add xauthority.
+
+2007-10-31 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter.
+
+2007-10-27 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Document --rfc4880 (the new --openpgp).
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit.
+
+2007-10-23 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Listing global options): New.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Controlling gpg-connect-agent): Updated.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Checking programs): New.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * examples/pwpattern.list: New.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Add "A root certifciate does
+ not validate."
+
+2007-08-14 Werner Koch <wk@g10code.com>
+
+ * glossary.texi (Glossary): Add a more items.
+
+2007-08-13 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (proc_texi_cmd): Do not put @samp content between two
+ newlines.
+
+ * gpg-agent.texi (Agent Configuration): Explain the CM flag for
+ trustlist.txt.
+
+2007-08-09 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Options): Describe --validation-model.
+
+2007-07-23 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi (Scdaemon Commands): Remove obsolete --print-atr.
+
+2007-07-17 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Input and Output): Document --default-key.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * gpl.texi: Updated to GPLv3.
+
+2007-06-22 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): Describe the flags used by
+ --check-sigs.
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Changed description of
+ --gen-key.
+
+2007-06-19 Werner Koch <wk@g10code.com>
+
+ * glossary.texi (Glossary): Describe PSE.
+
+2007-06-18 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent GETINFO): New.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (yat2m): Use a plain rule to build it for the sake
+ of cross-compiling.
+
+ * yat2m.c (finish_page): Init SECT to NULL.
+
+2007-05-11 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (--export): Enhanced description.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * examples/gpgconf.conf: Remove active example line.
+
+ * Makefile.am (online): Distinguish between released and svn manuals.
+
+2007-05-08 Werner Koch <wk@g10code.com>
+
+ * howtos.texi: New.
+ * howto-create-a-server-cert.texi: New.
+ * Makefile.am (gnupg_TEXINFOS): Add new files.
+
+ * gnupg.texi: Moved the logo for HTML more to the top.
+ * Makefile.am (install-html-local): New.
+ (DVIPS): Redefine to include srcdir.
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (Top): Fix typo and a grammar issue.
+ * Makefile.am (EXTRA_DIST): Add gnupg-logo.png. Suggested by
+ Bernard Leak.
+
+2007-04-15 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Update the personal-foo-preferences
+ documentation a bit.
+
+2007-04-10 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Document --batch, no-tty,
+ --yes and --no.
+
+2007-03-08 Werner Koch <wk@g10code.com>
+
+ * gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New.
+ * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.eps
+ * gnupg-badge-openpgp.jpg: Removed.
+ * gnupg.texi: Use new logo.
+
+2007-03-07 Werner Koch <wk@g10code.com>
+
+ * tools.texi (applygnupgdefaults): New.
+
+2007-03-06 Werner Koch <wk@g10code.com>
+
+ * examples/gpgconf.conf: New.
+
+2007-03-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Document
+ --allow-multiple-messages.
+
+2007-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration): Document envvar LANGUAGE.
+ (GPG Configuration Options): Document show-primary-uid-only.
+
+2007-02-18 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): No card reader options for gpg2.
+
+2007-02-14 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Doc --pinentry-touch-file.
+
+2007-02-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Tell how to export a private
+ key without a certificate.
+
+2007-01-30 Werner Koch <wk@g10code.com>
+
+ * com-certs.pem: Added the current root certifcates of D-Trust and
+ S-Trust.
+
+2007-01-18 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi, specify-user-id.texi: Only some of the mentions of
+ exclamation marks have an example. Give examples to the rest.
+
+2007-01-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Make http_proxy option
+ documentation match reality.
+ (BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to
+ disk, despite locking.
+
+2006-12-08 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (direntry): Rename gpg to gpg2.
+
+2006-12-04 Werner Koch <wk@g10code.com>
+
+ * gpgv.texi: New.
+ * tools.texi: Include new file.
+
+2006-12-02 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Document --passphrase-repeat.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (GPGSM EXPORT): Document changes.
+
+2006-11-11 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (Top): Move gpg-agent part before gpg.
+
+2006-11-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Reference to --s2k-count in --s2k-mode.
+
+2006-10-30 Werner Koch <wk@g10code.com>
+
+ * faq.raw: Minor corrections.
+
+2006-10-12 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict
+ with gpg1.
+
+2006-10-12 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Document --s2k-count.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Examples): Add markup to all options. This is
+ required to have the double dashs printed correclty.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * instguide.texi (Installation): New.
+ * assuan.texi (Assuan): Removed. Use the libassuan manual instead.
+ * gnupg.texi: Reflect these changes.
+
+ * gpg.texi: Make some parts depend on the "gpgone" set
+ command. This allows us to use the same source for gpg1 and gpg2.
+
+ * yat2m.c (parse_file): Better parsing of @ifset and ifclear.
+ (main): Allow definition of "-D gpgone".
+ (parse_file): Allow macro definitions.
+ (proc_texi_cmd): Expand macros.
+ (proc_texi_buffer): Process commands terminated by the closing
+ brace of the enclosing command.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * texi.css: New. Note that the current vesion of makeinfo has a
+ bug while copying the @import directive. A pacth has been send to
+ upstream.
+
+2006-09-19 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: Some restructuring.
+
+ * Makefile.am (online): New target.
+
+2006-09-18 Werner Koch <wk@g10code.com>
+
+ * com-certs.pem: New.
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): Fixed typo in
+ --require-cross-certification and made it the default.
+
+2006-09-11 Werner Koch <wk@g10code.com>
+
+ * HACKING: Cleaned up.
+
+2006-09-08 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (parse_file): Ignore @node lines immediately.
+ (proc_texi_cmd): No special @end ifset processing anymore.
+
+ * specify-user-id.texi: New. Factored out of gpg.texi and ../README.
+
+2006-09-07 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi (Scdaemon Configuration): New.
+
+ * examples/scd-event: Event handler for sdaemon.
+ * examples/: New directory
+
+2006-08-22 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (parse_file): Added code to skip a line after @mansect.
+
+ * gnupg7.texi: New.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Added other doc files from gpg 1.4.
+
+2006-08-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Added rules to build man pages.
+
+ * yat2m.c: New.
+
+2006-02-14 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (GPGSM Configuration): New section.
+
+2005-11-14 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Added real information.
+
+2005-11-13 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: New.
+ * Makefile.am (dist_pkgdata_DATA): New.
+
+2005-08-16 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Note default file name for
+ --write-env-file.
+
+2005-06-03 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Architecture Details): New section, mostly empty.
+ * gnupg-card-architecture.fig: New.
+ * Makefile.am: Rules to build png and eps versions.
+
+ * gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
+
+2005-05-17 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Removed --disable-pth.
+
+2005-04-27 Werner Koch <wk@g10code.com>
+
+ * tools.texi (symcryptrun): Added.
+
+ * scdaemon.texi: Removed OpenSC specific options.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Configuration): New section.
+
+2005-02-24 Werner Koch <wk@g10code.com>
+
+ * tools.texi (gpg-connect-agent): New.
+
+2005-02-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Document --import.
+
+2005-01-27 Moritz Schulte <moritz@g10code.com>
+
+ * gpg-agent.texi: Document ssh-agent emulation layer.
+
+2005-01-04 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi: Updated to use @copying.
+
+2004-12-22 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi: Reordered.
+ * contrib.texi: Updated.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * tools.texi (gpg-preset-passphrase): New section.
+
+ * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
+ * gnupg.texi: Add a logo.
+ * sysnotes.texi: New.
+
+2004-11-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Curses pinentry problem.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Helper Tools): Document gpgsm-gencert.sh.
+
+2004-10-05 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to
+ be set in all cases.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: New.
+ * gnupg.texi: Include gpg.texi
+
+ * tools.texi: Add a few @command markups.
+ * gpgsm.texi: Ditto.
+ * gpg-agent.texi: Ditto.
+ * scdaemon.texi: Ditto.
+
+2004-09-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Changing options): Add documentation for gpgconf.
+
+ * contrib.texi (Contributors): Add two missing periods.
+
+2004-09-29 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Configuration Options): Add --log-file.
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
+ expected pinentry filename.
+
+ Changed license of the manual stuff to GPL.
+
+ * gnupg.texi (Top): New menu item Helper Tools.
+
+ * tools.texi (Helper Tools): New.
+ * Makefile.am (gnupg_TEXINFOS): Add tools.texi.
+
+2004-08-05 Werner Koch <wk@g10code.de>
+
+ * scdaemon.texi (Card applications): New section.
+
+2004-06-22 Werner Koch <wk@g10code.com>
+
+ * glossary.texi: New.
+
+2004-06-18 Werner Koch <wk@gnupg.org>
+
+ * debugging.texi: New.
+ * gnupg.texi: Include it.
+
+2004-05-11 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.
+
+2004-05-03 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Add --allow-mark-trusted.
+
+2004-02-03 Werner Koch <wk@gnupg.org>
+
+ * contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks
+ list.
+ * gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups.
+
+2003-12-01 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
+
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.texi (Scdaemon Options): Added --allow-admin and
+ --deny-admin.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent GET_CONFIRMATION): New.
+
+2002-12-04 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Signals): New.
+
+2002-12-03 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Operational Commands): Add --passwd and
+ --call-protect-tool.
+ * gpg-agent.texi (Agent PASSWD): New
+
+2002-11-13 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY.
+
+2002-11-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Operational Commands): Add --call-dirmngr.
+
+2002-09-25 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display.
+
+2002-09-12 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only
+ one instance.
+
+2002-08-28 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Explained more options.
+ * scdaemon.texi (Scdaemon Options): Ditto.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (gnupg_TEXINFOS): Include contrib.texi.
+
+2002-08-06 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi: Added more options.
+
+2002-07-26 Werner Koch <wk@gnupg.org>
+
+ * assuan.texi: New.
+ * gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan
+ protocol used.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * gnupg.texi, scdaemon.texi, gpg-agent.texi: New.
+ * contrib.texi, gpl.texi, fdl.texi: New.
+ * gpgsm.texi: Made this an include file for gnupg.texi.
+ * Makefile.am: Build gnupg.info instead of gpgsm.info.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Invocation): Described the various debug flags.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am, gpgsm.texi: New.
+
+ Copyright 2002, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/doc/DETAILS b/doc/DETAILS
new file mode 100644
index 0000000..423eea9
--- /dev/null
+++ b/doc/DETAILS
@@ -0,0 +1,1299 @@
+ -*- text -*-
+Format of colon listings
+========================
+First an example:
+
+$ gpg --fixed-list-mode --with-colons --list-keys \
+ --with-fingerprint --with-fingerprint wk@gnupg.org
+
+pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC:
+fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013:
+uid:f::::::::Werner Koch <wk@g10code.com>:
+uid:f::::::::Werner Koch <wk@gnupg.org>:
+sub:f:1536:16:06AD222CADF6A6E1:919537416:1036177416:::::e:
+fpr:::::::::CF8BCC4B18DE08FCD8A1615906AD222CADF6A6E1:
+sub:r:1536:20:5CE086B5B5A18FF4:899817788:1025961788:::::esc:
+fpr:::::::::AB059359A3B81F410FCFF97F5CE086B5B5A18FF4:
+
+The double --with-fingerprint prints the fingerprint for the subkeys
+too. --fixed-list-mode is the modern listing way printing dates in
+seconds since Epoch and does not merge the first userID with the pub
+record; gpg2 does this by default and the option is a dummy.
+
+
+ 1. Field: Type of record
+ pub = public key
+ crt = X.509 certificate
+ crs = X.509 certificate and private key available
+ sub = subkey (secondary key)
+ sec = secret key
+ ssb = secret subkey (secondary key)
+ uid = user id (only field 10 is used).
+ uat = user attribute (same as user id except for field 10).
+ sig = signature
+ rev = revocation signature
+ fpr = fingerprint: (fingerprint is in field 10)
+ pkd = public key data (special field format, see below)
+ grp = keygrip
+ rvk = revocation key
+ tru = trust database information
+ spk = signature subpacket
+
+ 2. Field: A letter describing the calculated validity. This is a single
+ letter, but be prepared that additional information may follow
+ in some future versions. (not used for secret keys)
+ o = Unknown (this key is new to the system)
+ i = The key is invalid (e.g. due to a missing self-signature)
+ d = The key has been disabled
+ (deprecated - use the 'D' in field 12 instead)
+ r = The key has been revoked
+ e = The key has expired
+ - = Unknown validity (i.e. no value assigned)
+ q = Undefined validity
+ '-' and 'q' may safely be treated as the same
+ value for most purposes
+ n = The key is valid
+ m = The key is marginal valid.
+ f = The key is fully valid
+ u = The key is ultimately valid. This often means
+ that the secret key is available, but any key may
+ be marked as ultimately valid.
+
+ If the validity information is given for a UID or UAT
+ record, it describes the validity calculated based on this
+ user ID. If given for a key record it describes the best
+ validity taken from the best rated user ID.
+
+ For X.509 certificates a 'u' is used for a trusted root
+ certificate (i.e. for the trust anchor) and an 'f' for all
+ other valid certificates.
+
+ 3. Field: length of key in bits.
+
+ 4. Field: Algorithm: 1 = RSA
+ 16 = Elgamal (encrypt only)
+ 17 = DSA (sometimes called DH, sign only)
+ 20 = Elgamal (sign and encrypt - don't use them!)
+ (for other id's see include/cipher.h)
+
+ 5. Field: KeyID
+
+ 6. Field: Creation Date (in UTC). For UID and UAT records, this is
+ the self-signature date. Note that the date is usally
+ printed in seconds since epoch, however, we are migrating
+ to an ISO 8601 format (e.g. "19660205T091500"). This is
+ currently only relevant for X.509. A simple way to detect
+ the new format is to scan for the 'T'.
+
+ 7. Field: Key or user ID/user attribute expiration date or empty if none.
+
+ 8. Field: Used for serial number in crt records (used to be the Local-ID).
+ For UID and UAT records, this is a hash of the user ID contents
+ used to represent that exact user ID. For trust signatures,
+ this is the trust depth seperated by the trust value by a
+ space.
+
+ 9. Field: Ownertrust (primary public keys only)
+ This is a single letter, but be prepared that additional
+ information may follow in some future versions. For trust
+ signatures with a regular expression, this is the regular
+ expression value, quoted as in field 10.
+
+10. Field: User-ID. The value is quoted like a C string to avoid
+ control characters (the colon is quoted "\x3a").
+ For a "pub" record this field is not used on --fixed-list-mode.
+ A UAT record puts the attribute subpacket count here, a
+ space, and then the total attribute subpacket size.
+ In gpgsm the issuer name comes here
+ An FPR record stores the fingerprint here.
+ The fingerprint of an revocation key is stored here.
+
+11. Field: Signature class as per RFC-4880. This is a 2 digit
+ hexnumber followed by either the letter 'x' for an
+ exportable signature or the letter 'l' for a local-only
+ signature. The class byte of an revocation key is also
+ given here, 'x' and 'l' is used the same way. IT is not
+ used for X.509.
+
+12. Field: Key capabilities:
+ e = encrypt
+ s = sign
+ c = certify
+ a = authentication
+ A key may have any combination of them in any order. In
+ addition to these letters, the primary key has uppercase
+ versions of the letters to denote the _usable_
+ capabilities of the entire key, and a potential letter 'D'
+ to indicate a disabled key.
+
+13. Field: Used in FPR records for S/MIME keys to store the
+ fingerprint of the issuer certificate. This is useful to
+ build the certificate path based on certificates stored in
+ the local keyDB; it is only filled if the issuer
+ certificate is available. The root has been reached if
+ this is the same string as the fingerprint. The advantage
+ of using this value is that it is guaranteed to have been
+ been build by the same lookup algorithm as gpgsm uses.
+ For "uid" records this lists the preferences in the same
+ way the gpg's --edit-key menu does.
+ For "sig" records, this is the fingerprint of the key that
+ issued the signature. Note that this is only filled in if
+ the signature verified correctly. Note also that for
+ various technical reasons, this fingerprint is only
+ available if --no-sig-cache is used.
+
+14. Field Flag field used in the --edit menu output:
+
+15. Field Used in sec/sbb to print the serial number of a token
+ (internal protect mode 1002) or a '#' if that key is a
+ simple stub (internal protect mode 1001)
+
+All dates are displayed in the format yyyy-mm-dd unless you use the
+option --fixed-list-mode in which case they are displayed as seconds
+since Epoch. More fields may be added later, so parsers should be
+prepared for this. When parsing a number the parser should stop at the
+first non-number character so that additional information can later be
+added.
+
+If field 1 has the tag "pkd", a listing looks like this:
+pkd:0:1024:B665B1435F4C2 .... FF26ABB:
+ ! ! !-- the value
+ ! !------ for information number of bits in the value
+ !--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
+
+
+Example for a "tru" trust base record:
+
+ tru:o:0:1166697654:1:3:1:5
+
+ The fields are:
+
+ 2: Reason for staleness of trust. If this field is empty, then the
+ trustdb is not stale. This field may have multiple flags in it:
+
+ o: Trustdb is old
+ t: Trustdb was built with a different trust model than the one we
+ are using now.
+
+ 3: Trust model:
+ 0: Classic trust model, as used in PGP 2.x.
+ 1: PGP trust model, as used in PGP 6 and later. This is the same
+ as the classic trust model, except for the addition of trust
+ signatures.
+
+ GnuPG before version 1.4 used the classic trust model by default.
+ GnuPG 1.4 and later uses the PGP trust model by default.
+
+ 4: Date trustdb was created in seconds since 1970-01-01.
+ 5: Date trustdb will expire in seconds since 1970-01-01.
+ 6: Number of marginally trusted users to introduce a new key signer
+ (gpg's option --marginals-needed)
+ 7: Number of completely trusted users to introduce a new key signer.
+ (gpg's option --completes-needed)
+ 8: Maximum depth of a certification chain.
+ *gpg's option --max-cert-depth)
+
+The "spk" signature subpacket records have the fields:
+
+ 2: Subpacket number as per RFC-4880 and later.
+ 3: Flags in hex. Currently the only two bits assigned are 1, to
+ indicate that the subpacket came from the hashed part of the
+ signature, and 2, to indicate the subpacket was marked critical.
+ 4: Length of the subpacket. Note that this is the length of the
+ subpacket, and not the length of field 5 below. Due to the need
+ for %-encoding, the length of field 5 may be up to 3x this value.
+ 5: The subpacket data. Printable ASCII is shown as ASCII, but other
+ values are rendered as %XX where XX is the hex value for the byte.
+
+
+Format of the "--status-fd" output
+==================================
+Every line is prefixed with "[GNUPG:] ", followed by a keyword with
+the type of the status line and a some arguments depending on the
+type (maybe none); an application should always be prepared to see
+more arguments in future versions.
+
+
+ NEWSIG
+ May be issued right before a signature verification starts. This
+ is useful to define a context for parsing ERROR status
+ messages. No arguments are currently defined.
+
+ GOODSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good. For each signature only
+ one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG
+ or ERRSIG will be emitted. In the past they were used as a
+ marker for a new signature; new code should use the NEWSIG
+ status instead. The username is the primary one encoded in
+ UTF-8 and %XX escaped. The fingerprint may be used instead of
+ the long keyid if it is available. This is the case with CMS
+ and might eventually also be available for OpenPGP.
+
+ EXPSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature is
+ expired. The username is the primary one encoded in UTF-8 and
+ %XX escaped. The fingerprint may be used instead of the long
+ keyid if it is available. This is the case with CMS and might
+ eventually also be available for OpenPGP.
+
+ EXPKEYSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature was
+ made by an expired key. The username is the primary one
+ encoded in UTF-8 and %XX escaped. The fingerprint may be used
+ instead of the long keyid if it is available. This is the
+ case with CMS and might eventually also be available for
+ OpenPGP.
+
+ REVKEYSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature was
+ made by a revoked key. The username is the primary one encoded
+ in UTF-8 and %XX escaped. The fingerprint may be used instead
+ of the long keyid if it is available. This is the case with
+ CMS and might eventually also be available for OpenPGP.
+
+ BADSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid has not been verified okay. The
+ username is the primary one encoded in UTF-8 and %XX
+ escaped. The fingerprint may be used instead of the long keyid
+ if it is available. This is the case with CMS and might
+ eventually also be available for OpenPGP.
+
+ ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \
+ <sig_class> <timestamp> <rc>
+ It was not possible to check the signature. This may be
+ caused by a missing public key or an unsupported algorithm. A
+ RC of 4 indicates unknown algorithm, a 9 indicates a missing
+ public key. The other fields give more information about this
+ signature. sig_class is a 2 byte hex-value. The fingerprint
+ may be used instead of the long keyid if it is available.
+ This is the case with CMS and might eventually also be
+ available for OpenPGP.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
+ <expire-timestamp> <sig-version> <reserved> <pubkey-algo>
+ <hash-algo> <sig-class> [ <primary-key-fpr> ]
+
+ The signature with the keyid is good. This is the same as
+ GOODSIG but has the fingerprint as the argument. Both status
+ lines are emitted for a good signature. All arguments here
+ are on one long line. sig-timestamp is the signature creation
+ time in seconds after the epoch. expire-timestamp is the
+ signature expiration time in seconds after the epoch (zero
+ means "does not expire"). sig-version, pubkey-algo, hash-algo,
+ and sig-class (a 2-byte hex value) are all straight from the
+ signature packet. PRIMARY-KEY-FPR is the fingerprint of the
+ primary key or identical to the first argument. This is
+ useful to get back to the primary key without running gpg
+ again for this purpose.
+
+ The primary-key-fpr parameter is used for OpenPGP and not
+ available for CMS signatures. The sig-version as well as the
+ sig class is not defined for CMS and currently set to 0 and 00.
+
+ Note, that *-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
+ This is emitted only for signatures of class 0 or 1 which
+ have been verified okay. The string is a signature id
+ and may be used in applications to detect replay attacks
+ of signed messages. Note that only DLP algorithms give
+ unique ids - others may yield duplicated ones when they
+ have been created in the same second.
+
+ Note, that SIG-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ ENC_TO <long_keyid> <keytype> <keylength>
+ The message is encrypted to this LONG_KEYID. KEYTYPE is the
+ numerical value of the public key algorithm or 0 if it is not
+ known, KEYLENGTH is the length of the key or 0 if it is not
+ known (which is currently always the case). Gpg prints this
+ line always; Gpgsm only if it knows the certificate.
+
+ NODATA <what>
+ No data has been found. Codes for what are:
+ 1 - No armored data.
+ 2 - Expected a packet but did not found one.
+ 3 - Invalid packet found, this may indicate a non OpenPGP
+ message.
+ 4 - signature expected but not found
+ You may see more than one of these status lines.
+
+ UNEXPECTED <what>
+ Unexpected data has been encountered
+ 0 - not further specified 1
+
+
+ TRUST_UNDEFINED <error token>
+ TRUST_NEVER <error token>
+ TRUST_MARGINAL [0 [<validation_model>]]
+ TRUST_FULLY [0 [<validation_model>]]
+ TRUST_ULTIMATE [0 [<validation_model>]]
+ For good signatures one of these status lines are emitted to
+ indicate the validity of the key used to create the signature.
+ The error token values are currently only emitted by gpgsm.
+ VALIDATION_MODEL describes the algorithm used to check the
+ validity of the key. The defaults are the standard Web of
+ Trust model for gpg and the the standard X.509 model for
+ gpgsm. The defined values are
+
+ "pgp" for the standard PGP WoT.
+ "shell" for the standard X.509 model.
+ "chain" for the chain model.
+
+ Note that we use the term "TRUST_" in the status names for
+ historic reasons; we now speak of validity.
+
+ PKA_TRUST_GOOD <mailbox>
+ PKA_TRUST_BAD <mailbox>
+ Depending on the outcome of the PKA check one of the above
+ status codes is emitted in addition to a TRUST_* status.
+ Without PKA info available or
+
+ SIGEXPIRED
+ This is deprecated in favor of KEYEXPIRED.
+
+ KEYEXPIRED <expire-timestamp>
+ The key has expired. expire-timestamp is the expiration time
+ in seconds since Epoch. This status line is not very useful
+ because it will also be emitted for expired subkeys even if
+ this subkey is not used. To check whether a key used to sign
+ a message has expired, the EXPKEYSIG status line is to be
+ used.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEYREVOKED
+ The used key has been revoked by its owner. No arguments yet.
+
+ BADARMOR
+ The ASCII armor is corrupted. No arguments yet.
+
+ RSA_OR_IDEA
+ The IDEA algorithms has been used in the data. A
+ program might want to fallback to another program to handle
+ the data if GnuPG failed. This status message used to be emitted
+ also for RSA but this has been dropped after the RSA patent expired.
+ However we can't change the name of the message.
+
+ SHM_INFO
+ SHM_GET
+ SHM_GET_BOOL
+ SHM_GET_HIDDEN
+
+ GET_BOOL
+ GET_LINE
+ GET_HIDDEN
+ GOT_IT
+
+ NEED_PASSPHRASE <long main keyid> <long keyid> <keytype> <keylength>
+ Issued whenever a passphrase is needed.
+ keytype is the numerical value of the public key algorithm
+ or 0 if this is not applicable, keylength is the length
+ of the key or 0 if it is not known (this is currently always the case).
+
+ NEED_PASSPHRASE_SYM <cipher_algo> <s2k_mode> <s2k_hash>
+ Issued whenever a passphrase for symmetric encryption is needed.
+
+ NEED_PASSPHRASE_PIN <card_type> <chvno> [<serialno>]
+ Issued whenever a PIN is requested to unlock a card.
+
+ MISSING_PASSPHRASE
+ No passphrase was supplied. An application which encounters this
+ message may want to stop parsing immediately because the next message
+ will probably be a BAD_PASSPHRASE. However, if the application
+ is a wrapper around the key edit menu functionality it might not
+ make sense to stop parsing but simply ignoring the following
+ BAD_PASSPHRASE.
+
+ BAD_PASSPHRASE <long keyid>
+ The supplied passphrase was wrong or not given. In the latter case
+ you may have seen a MISSING_PASSPHRASE.
+
+ GOOD_PASSPHRASE
+ The supplied passphrase was good and the secret key material
+ is therefore usable.
+
+ DECRYPTION_FAILED
+ The symmetric decryption failed - one reason could be a wrong
+ passphrase for a symmetrical encrypted message.
+
+ DECRYPTION_OKAY
+ The decryption process succeeded. This means, that either the
+ correct secret key has been used or the correct passphrase
+ for a conventional encrypted message was given. The program
+ itself may return an errorcode because it may not be possible to
+ verify a signature for some reasons.
+
+ NO_PUBKEY <long keyid>
+ NO_SECKEY <long keyid>
+ The key is not available
+
+ IMPORT_CHECK <long keyid> <fingerprint> <user ID>
+ This status is emitted in interactive mode right before
+ the "import.okay" prompt.
+
+ IMPORTED <long keyid> <username>
+ The keyid and name of the signature just imported
+
+ IMPORT_OK <reason> [<fingerprint>]
+ The key with the primary key's FINGERPRINT has been imported.
+ Reason flags:
+ 0 := Not actually changed
+ 1 := Entirely new key.
+ 2 := New user IDs
+ 4 := New signatures
+ 8 := New subkeys
+ 16 := Contains private key.
+ The flags may be ORed.
+
+ IMPORT_PROBLEM <reason> [<fingerprint>]
+ Issued for each import failure. Reason codes are:
+ 0 := "No specific reason given".
+ 1 := "Invalid Certificate".
+ 2 := "Issuer Certificate missing".
+ 3 := "Certificate Chain too long".
+ 4 := "Error storing certificate".
+
+ IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
+ <n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported>
+ <sec_dups> <skipped_new_keys> <not_imported>
+ Final statistics on import process (this is one long line)
+
+ FILE_START <what> <filename>
+ Start processing a file <filename>. <what> indicates the performed
+ operation:
+ 1 - verify
+ 2 - encrypt
+ 3 - decrypt
+
+ FILE_DONE
+ Marks the end of a file processing which has been started
+ by FILE_START.
+
+ BEGIN_DECRYPTION
+ END_DECRYPTION
+ Mark the start and end of the actual decryption process. These
+ are also emitted when in --list-only mode.
+
+ BEGIN_ENCRYPTION <mdc_method> <sym_algo>
+ END_ENCRYPTION
+ Mark the start and end of the actual encryption process.
+
+ BEGIN_SIGNING
+ Mark the start of the actual signing process. This may be used
+ as an indication that all requested secret keys are ready for
+ use.
+
+ DELETE_PROBLEM reason_code
+ Deleting a key failed. Reason codes are:
+ 1 - No such key
+ 2 - Must delete secret key first
+ 3 - Ambigious specification
+
+ PROGRESS what char cur total
+ Used by the primegen and Public key functions to indicate progress.
+ "char" is the character displayed with no --status-fd enabled, with
+ the linefeed replaced by an 'X'. "cur" is the current amount
+ done and "total" is amount to be done; a "total" of 0 indicates that
+ the total amount is not known. The condition
+ TOATL && CUR == TOTAL
+ may be used to detect the end of an operation.
+ Well known values for WHAT:
+ "pk_dsa" - DSA key generation
+ "pk_elg" - Elgamal key generation
+ "primegen" - Prime generation
+ "need_entropy" - Waiting for new entropy in the RNG
+ "file:XXX" - processing file XXX
+ (note that current gpg versions leave out the
+ "file:" prefix).
+ "tick" - generic tick without any special meaning - useful
+ for letting clients know that the server is
+ still working.
+ "starting_agent" - A gpg-agent was started because it is not
+ running as a daemon.
+ "learncard" Send by the agent and gpgsm while learing
+ the data of a smartcard.
+ "card_busy" A smartcard is still working
+
+ SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
+ A signature has been created using these parameters.
+ type: 'D' = detached
+ 'C' = cleartext
+ 'S' = standard
+ (only the first character should be checked)
+ class: 2 hex digits with the signature class
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEY_CREATED <type> <fingerprint> [<handle>]
+ A key has been created
+ type: 'B' = primary and subkey
+ 'P' = primary
+ 'S' = subkey
+ The fingerprint is one of the primary key for type B and P and
+ the one of the subkey for S. Handle is an arbitrary
+ non-whitespace string used to match key parameters from batch
+ key creation run.
+
+ KEY_NOT_CREATED [<handle>]
+ The key from batch run has not been created due to errors.
+
+
+ SESSION_KEY <algo>:<hexdigits>
+ The session key used to decrypt the message. This message will
+ only be emitted when the special option --show-session-key
+ is used. The format is suitable to be passed to the option
+ --override-session-key
+
+ NOTATION_NAME <name>
+ NOTATION_DATA <string>
+ name and string are %XX escaped; the data may be split
+ among several NOTATION_DATA lines.
+
+ USERID_HINT <long main keyid> <string>
+ Give a hint about the user ID for a certain keyID.
+
+ POLICY_URL <string>
+ string is %XX escaped
+
+ BEGIN_STREAM
+ END_STREAM
+ Issued by pipemode.
+
+ INV_RECP <reason> <requested_recipient>
+ INV_SGNR <reason> <requested_sender>
+ Issued for each unusable recipient/sender. The reasons codes
+ currently in use are:
+ 0 := "No specific reason given".
+ 1 := "Not Found"
+ 2 := "Ambigious specification"
+ 3 := "Wrong key usage"
+ 4 := "Key revoked"
+ 5 := "Key expired"
+ 6 := "No CRL known"
+ 7 := "CRL too old"
+ 8 := "Policy mismatch"
+ 9 := "Not a secret key"
+ 10 := "Key not trusted"
+ 11 := "Missing certificate"
+ 12 := "Missing issuer certificate"
+
+ Note that for historical reasons the INV_RECP status is also
+ used for gpgsm's SIGNER command where it relates to signer's
+ of course. Newer GnuPG versions are using INV_SGNR;
+ applications should ignore the INV_RECP during the sender's
+ command processing once they have seen an INV_SGNR. We use
+ different code so that we can distinguish them while doing an
+ encrypt+sign.
+
+
+ NO_RECP <reserved>
+ NO_SGNR <reserved>
+ Issued when no recipients/senders are usable.
+
+ ALREADY_SIGNED <long-keyid>
+ Warning: This is experimental and might be removed at any time.
+
+ TRUNCATED <maxno>
+ The output was truncated to MAXNO items. This status code is issued
+ for certain external requests
+
+ ERROR <error location> <error code> [<more>]
+
+ This is a generic error status message, it might be followed
+ by error location specific data. <error code> and
+ <error_location> should not contain spaces. The error code is
+ a either a string commencing with a letter or such a string
+ prefixed with a numerical error code and an underscore; e.g.:
+ "151011327_EOF".
+
+ SUCCESS [<location>]
+ Postive confirimation that an operation succeeded. <location>
+ is optional but if given should not contain spaces.
+ Used only with a few commands.
+
+
+ ATTRIBUTE <fpr> <octets> <type> <index> <count>
+ <timestamp> <expiredate> <flags>
+ This is one long line issued for each attribute subpacket when
+ an attribute packet is seen during key listing. <fpr> is the
+ fingerprint of the key. <octets> is the length of the
+ attribute subpacket. <type> is the attribute type
+ (1==image). <index>/<count> indicates that this is the Nth
+ indexed subpacket of count total subpackets in this attribute
+ packet. <timestamp> and <expiredate> are from the
+ self-signature on the attribute packet. If the attribute
+ packet does not have a valid self-signature, then the
+ timestamp is 0. <flags> are a bitwise OR of:
+ 0x01 = this attribute packet is a primary uid
+ 0x02 = this attribute packet is revoked
+ 0x04 = this attribute packet is expired
+
+ CARDCTRL <what> [<serialno>]
+ This is used to control smartcard operations.
+ Defined values for WHAT are:
+ 1 = Request insertion of a card. Serialnumber may be given
+ to request a specific card. Used by gpg 1.4 w/o scdaemon.
+ 2 = Request removal of a card. Used by gpg 1.4 w/o scdaemon.
+ 3 = Card with serialnumber detected
+ 4 = No card available.
+ 5 = No card reader available
+ 6 = No card support available
+
+ PLAINTEXT <format> <timestamp> <filename>
+ This indicates the format of the plaintext that is about to be
+ written. The format is a 1 byte hex code that shows the
+ format of the plaintext: 62 ('b') is binary data, 74 ('t') is
+ text data with no character set specified, and 75 ('u') is
+ text data encoded in the UTF-8 character set. The timestamp
+ is in seconds since the epoch. If a filename is available it
+ gets printed as the third argument, percent-escaped as usual.
+
+ PLAINTEXT_LENGTH <length>
+ This indicates the length of the plaintext that is about to be
+ written. Note that if the plaintext packet has partial length
+ encoding it is not possible to know the length ahead of time.
+ In that case, this status tag does not appear.
+
+ SIG_SUBPACKET <type> <flags> <len> <data>
+ This indicates that a signature subpacket was seen. The
+ format is the same as the "spk" record above.
+
+ SC_OP_FAILURE [<code>]
+ An operation on a smartcard definitely failed. Currently
+ there is no indication of the actual error code, but
+ application should be prepared to later accept more arguments.
+ Defined values for CODE are:
+ 0 - unspecified error (identically to a missing CODE)
+ 1 - canceled
+ 2 - bad PIN
+
+ SC_OP_SUCCESS
+ A smart card operaion succeeded. This status is only printed
+ for certain operation and is mostly useful to check whether a
+ PIN change really worked.
+
+ BACKUP_KEY_CREATED fingerprint fname
+ A backup key named FNAME has been created for the key with
+ KEYID.
+
+ MOUNTPOINT <name>
+ NAME is a percent-plus escaped filename describing the
+ mountpoint for the current operation (e.g. g13 --mount). This
+ may either be the specified mountpoint or one randomly choosen
+ by g13.
+
+ DECRYPTION_INFO <mdc_method> <sym_algo>
+ Print information about the symmetric encryption algorithm and
+ the MDC method. This will be emitted even if the decryption
+ fails.
+
+
+
+Format of the "--attribute-fd" output
+=====================================
+
+When --attribute-fd is set, during key listings (--list-keys,
+--list-secret-keys) GnuPG dumps each attribute packet to the file
+descriptor specified. --attribute-fd is intended for use with
+--status-fd as part of the required information is carried on the
+ATTRIBUTE status tag (see above).
+
+The contents of the attribute data is specified by RFC 4880. For
+convenience, here is the Photo ID format, as it is currently the only
+attribute defined:
+
+ Byte 0-1: The length of the image header. Due to a historical
+ accident (i.e. oops!) back in the NAI PGP days, this is
+ a little-endian number. Currently 16 (0x10 0x00).
+
+ Byte 2: The image header version. Currently 0x01.
+
+ Byte 3: Encoding format. 0x01 == JPEG.
+
+ Byte 4-15: Reserved, and currently unused.
+
+ All other data after this header is raw image (JPEG) data.
+
+
+Format of the "--list-config" output
+====================================
+
+--list-config outputs information about the GnuPG configuration for
+the benefit of frontends or other programs that call GnuPG. There are
+several list-config items, all colon delimited like the rest of the
+--with-colons output. The first field is always "cfg" to indicate
+configuration information. The second field is one of (with
+examples):
+
+version: the third field contains the version of GnuPG.
+
+ cfg:version:1.3.5
+
+pubkey: the third field contains the public key algorithmdcaiphers
+ this version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-4880. Note that in
+ contrast to the --status-fd interface these are _not_ the
+ Libgcrypt identifiers.
+
+ cfg:pubkey:1;2;3;16;17
+
+cipher: the third field contains the symmetric ciphers this version of
+ GnuPG supports, separated by semicolons. The cipher numbers
+ are as specified in RFC-4880.
+
+ cfg:cipher:2;3;4;7;8;9;10
+
+digest: the third field contains the digest (hash) algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ digest numbers are as specified in RFC-4880.
+
+ cfg:digest:1;2;3;8;9;10
+
+compress: the third field contains the compression algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-4880.
+
+ cfg:compress:0;1;2;3
+
+group: the third field contains the name of the group, and the fourth
+ field contains the values that the group expands to, separated
+ by semicolons.
+
+For example, a group of:
+ group mynames = paige 0x12345678 joe patti
+
+would result in:
+ cfg:group:mynames:patti;joe;0x12345678;paige
+
+
+Key generation
+==============
+ See the Libcrypt manual.
+
+
+Unattended key generation
+=========================
+This feature allows unattended generation of keys controlled by a
+parameter file. To use this feature, you use --gen-key together with
+--batch and feed the parameters either from stdin or from a file given
+on the commandline.
+
+The format of this file is as follows:
+ o Text only, line length is limited to about 1000 chars.
+ o You must use UTF-8 encoding to specify non-ascii characters.
+ o Empty lines are ignored.
+ o Leading and trailing spaces are ignored.
+ o A hash sign as the first non white space character indicates a comment line.
+ o Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ o Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ o The first parameter must be "Key-Type", control statements
+ may be placed anywhere.
+ o Key generation takes place when either the end of the parameter file
+ is reached, the next "Key-Type" parameter is encountered or at the
+ control statement "%commit"
+ o Control statements:
+ %echo <text>
+ Print <text>.
+ %dry-run
+ Suppress actual key generation (useful for syntax checking).
+ %commit
+ Perform the key generation. An implicit commit is done
+ at the next "Key-Type" parameter.
+ %pubring <filename>
+ %secring <filename>
+ Do not write the key to the default or commandline given
+ keyring but to <filename>. This must be given before the first
+ commit to take place, duplicate specification of the same filename
+ is ignored, the last filename before a commit is used.
+ The filename is used until a new filename is used (at commit points)
+ and all keys are written to that file. If a new filename is given,
+ this file is created (and overwrites an existing one).
+ GnuPG < 2.1: Both control statements must be given.
+ GnuPG >= 2.1: "%secring" is now a no-op.
+ %ask-passphrase
+ Enable a mode where the command "passphrase" is ignored and
+ instead the usual passphrase dialog is used. This does not
+ make sense for batch key generation; however the unattended
+ key generation feature is also used by GUIs and this feature
+ relinquishes the GUI from implementing its own passphrase
+ entry code. This is a global option.
+ %no-ask-passphrase
+ Disable the ask-passphrase mode.
+ %no-protection
+ With GnuPG 2.1 it is not anymore possible to specify a
+ passphrase for unattended key generation. The passphrase
+ command is simply ignored and %ask-passpharse is thus
+ implicitly enabled. Using this option allows to the creation
+ of keys without any passphrases. This option is mainly
+ intended for regression tests.
+ %transient-key
+ If given the keys are created using a faster and a somewhat
+ less secure random number generator. This option may be used
+ for keys which are only used for a short time and do not
+ require full cryptographic strength. It takes only effect if
+ used together with the option no-protection.
+
+ o The order of the parameters does not matter except for "Key-Type"
+ which must be the first parameter. The parameters are only for the
+ generated keyblock and parameters from previous key generations are not
+ used. Some syntactically checks may be performed.
+ The currently defined parameters are:
+ Key-Type: <algo-number>|<algo-string>
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a
+ required parameter. It may be "default" to use the default
+ one; in this case don't give a Key-Usage and use "default" for
+ the Subkey-Type.
+ Key-Length: <length-in-bits>
+ Length of the key in bits. The default is returned by running
+ the command "gpg --gpgconf-list".
+ Key-Usage: <usage-list>
+ Space or comma delimited list of key usage, allowed values are
+ "encrypt", "sign", and "auth". This is used to generate the
+ key flags. Please make sure that the algorithm is capable of
+ this usage. Note that OpenPGP requires that all primary keys
+ are capable of certification, so no matter what usage is given
+ here, the "cert" flag will be on. If no Key-Usage is
+ specified and the key-type is not "default", all allowed
+ usages for that particular algorithm are used; if it is not
+ given but "default" is used the usage will be "sign".
+ Subkey-Type: <algo-number>|<algo-string>
+ This generates a secondary key. Currently only one subkey
+ can be handled. "default" is also supported.
+ Subkey-Length: <length-in-bits>
+ Length of the subkey in bits. The default is returned by running
+ the command "gpg --gpgconf-list".
+ Subkey-Usage: <usage-list>
+ Similar to Key-Usage.
+ Passphrase: <string>
+ If you want to specify a passphrase for the secret key,
+ enter it here. Default is not to use any passphrase.
+ Name-Real: <string>
+ Name-Comment: <string>
+ Name-Email: <string>
+ The 3 parts of a key. Remember to use UTF-8 here.
+ If you don't give any of them, no user ID is created.
+ Expire-Date: <iso-date>|(<number>[d|w|m|y])
+ Set the expiration date for the key (and the subkey). It may
+ either be entered in ISO date format (2000-08-15) or as number
+ of days, weeks, month or years. The special notation
+ "seconds=N" is also allowed to directly give an Epoch
+ value. Without a letter days are assumed. Note that there is
+ no check done on the overflow of the type used by OpenPGP for
+ timestamps. Thus you better make sure that the given value
+ make sense. Although OpenPGP works with time intervals, GnuPG
+ uses an absolute value internally and thus the last year we
+ can represent is 2105.
+ Creation-Date: <iso-date>
+ Set the creation date of the key as stored in the key
+ information and which is also part of the fingerprint
+ calculation. Either a date like "1986-04-26" or a full
+ timestamp like "19860426T042640" may be used. The time is
+ considered to be UTC. If it is not given the current time
+ is used.
+ Preferences: <string>
+ Set the cipher, hash, and compression preference values for
+ this key. This expects the same type of string as "setpref"
+ in the --edit menu.
+ Revoker: <algo>:<fpr> [sensitive]
+ Add a designated revoker to the generated key. Algo is the
+ public key algorithm of the designated revoker (i.e. RSA=1,
+ DSA=17, etc.) Fpr is the fingerprint of the designated
+ revoker. The optional "sensitive" flag marks the designated
+ revoker as sensitive information. Only v4 keys may be
+ designated revokers.
+ Handle: <string>
+ This is an optional parameter only used with the status lines
+ KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
+ characters and should not contain spaces. It is useful for
+ batch key generation to associate a key parameter block with a
+ status line.
+ Keyserver: <string>
+ This is an optional parameter that specifies the preferred
+ keyserver URL for the key.
+
+
+Here is an example on how to create a key:
+$ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg --batch --gen-key foo
+ [...]
+$ gpg --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+
+If you want to create a key with the default algorithms you would
+use these parameters:
+
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+
+
+
+
+Layout of the TrustDB
+=====================
+The TrustDB is built from fixed length records, where the first byte
+describes the record type. All numeric values are stored in network
+byte order. The length of each record is 40 bytes. The first record of
+the DB is always of type 1 and this is the only record of this type.
+
+FIXME: The layout changed, document it here.
+
+ Record type 0:
+ --------------
+ Unused record, can be reused for any purpose.
+
+ Record type 1:
+ --------------
+ Version information for this TrustDB. This is always the first
+ record of the DB and the only one with type 1.
+ 1 byte value 1
+ 3 bytes 'gpg' magic value
+ 1 byte Version of the TrustDB (2)
+ 1 byte marginals needed
+ 1 byte completes needed
+ 1 byte max_cert_depth
+ The three items are used to check whether the cached
+ validity value from the dir record can be used.
+ 1 u32 locked flags [not used]
+ 1 u32 timestamp of trustdb creation
+ 1 u32 timestamp of last modification which may affect the validity
+ of keys in the trustdb. This value is checked against the
+ validity timestamp in the dir records.
+ 1 u32 timestamp of last validation [currently not used]
+ (Used to keep track of the time, when this TrustDB was checked
+ against the pubring)
+ 1 u32 record number of keyhashtable [currently not used]
+ 1 u32 first free record
+ 1 u32 record number of shadow directory hash table [currently not used]
+ It does not make sense to combine this table with the key table
+ because the keyid is not in every case a part of the fingerprint.
+ 1 u32 record number of the trusthashtbale
+
+
+ Record type 2: (directory record)
+ --------------
+ Informations about a public key certificate.
+ These are static values which are never changed without user interaction.
+
+ 1 byte value 2
+ 1 byte reserved
+ 1 u32 LID . (This is simply the record number of this record.)
+ 1 u32 List of key-records (the first one is the primary key)
+ 1 u32 List of uid-records
+ 1 u32 cache record
+ 1 byte ownertrust
+ 1 byte dirflag
+ 1 byte maximum validity of all the user ids
+ 1 u32 time of last validity check.
+ 1 u32 Must check when this time has been reached.
+ (0 = no check required)
+
+
+ Record type 3: (key record)
+ --------------
+ Informations about a primary public key.
+ (This is mainly used to lookup a trust record)
+
+ 1 byte value 3
+ 1 byte reserved
+ 1 u32 LID
+ 1 u32 next - next key record
+ 7 bytes reserved
+ 1 byte keyflags
+ 1 byte pubkey algorithm
+ 1 byte length of the fingerprint (in bytes)
+ 20 bytes fingerprint of the public key
+ (This is the value we use to identify a key)
+
+ Record type 4: (uid record)
+ --------------
+ Informations about a userid
+ We do not store the userid but the hash value of the userid because that
+ is sufficient.
+
+ 1 byte value 4
+ 1 byte reserved
+ 1 u32 LID points to the directory record.
+ 1 u32 next next userid
+ 1 u32 pointer to preference record
+ 1 u32 siglist list of valid signatures
+ 1 byte uidflags
+ 1 byte validity of the key calculated over this user id
+ 20 bytes ripemd160 hash of the username.
+
+
+ Record type 5: (pref record)
+ --------------
+ This record type is not anymore used.
+
+ 1 byte value 5
+ 1 byte reserved
+ 1 u32 LID; points to the directory record (and not to the uid record!).
+ (or 0 for standard preference record)
+ 1 u32 next
+ 30 byte preference data
+
+ Record type 6 (sigrec)
+ -------------
+ Used to keep track of key signatures. Self-signatures are not
+ stored. If a public key is not in the DB, the signature points to
+ a shadow dir record, which in turn has a list of records which
+ might be interested in this key (and the signature record here
+ is one).
+
+ 1 byte value 6
+ 1 byte reserved
+ 1 u32 LID points back to the dir record
+ 1 u32 next next sigrec of this uid or 0 to indicate the
+ last sigrec.
+ 6 times
+ 1 u32 Local_id of signatures dir or shadow dir record
+ 1 byte Flag: Bit 0 = checked: Bit 1 is valid (we have a real
+ directory record for this)
+ 1 = valid is set (but may be revoked)
+
+
+
+ Record type 8: (shadow directory record)
+ --------------
+ This record is used to reserve a LID for a public key. We
+ need this to create the sig records of other keys, even if we
+ do not yet have the public key of the signature.
+ This record (the record number to be more precise) will be reused
+ as the dir record when we import the real public key.
+
+ 1 byte value 8
+ 1 byte reserved
+ 1 u32 LID (This is simply the record number of this record.)
+ 2 u32 keyid
+ 1 byte pubkey algorithm
+ 3 byte reserved
+ 1 u32 hintlist A list of records which have references to
+ this key. This is used for fast access to
+ signature records which are not yet checked.
+ Note, that this is only a hint and the actual records
+ may not anymore hold signature records for that key
+ but that the code cares about this.
+ 18 byte reserved
+
+
+
+ Record Type 10 (hash table)
+ --------------
+ Due to the fact that we use fingerprints to lookup keys, we can
+ implement quick access by some simple hash methods, and avoid
+ the overhead of gdbm. A property of fingerprints is that they can be
+ used directly as hash values. (They can be considered as strong
+ random numbers.)
+ What we use is a dynamic multilevel architecture, which combines
+ hashtables, record lists, and linked lists.
+
+ This record is a hashtable of 256 entries; a special property
+ is that all these records are stored consecutively to make one
+ big table. The hash value is simple the 1st, 2nd, ... byte of
+ the fingerprint (depending on the indirection level).
+
+ When used to hash shadow directory records, a different table is used
+ and indexed by the keyid.
+
+ 1 byte value 10
+ 1 byte reserved
+ n u32 recnum; n depends on the record length:
+ n = (reclen-2)/4 which yields 9 for the current record length
+ of 40 bytes.
+
+ the total number of such record which makes up the table is:
+ m = (256+n-1) / n
+ which is 29 for a record length of 40.
+
+ To look up a key we use the first byte of the fingerprint to get
+ the recnum from this hashtable and look up the addressed record:
+ - If this record is another hashtable, we use 2nd byte
+ to index this hash table and so on.
+ - if this record is a hashlist, we walk all entries
+ until we found one a matching one.
+ - if this record is a key record, we compare the
+ fingerprint and to decide whether it is the requested key;
+
+
+ Record type 11 (hash list)
+ --------------
+ see hash table for an explanation.
+ This is also used for other purposes.
+
+ 1 byte value 11
+ 1 byte reserved
+ 1 u32 next next hash list record
+ n times n = (reclen-5)/5
+ 1 u32 recnum
+
+ For the current record length of 40, n is 7
+
+
+
+ Record type 254 (free record)
+ ---------------
+ All these records form a linked list of unused records.
+ 1 byte value 254
+ 1 byte reserved (0)
+ 1 u32 next_free
+
+
+
+GNU extensions to the S2K algorithm
+===================================
+S2K mode 101 is used to identify these extensions.
+After the hash algorithm the 3 bytes "GNU" are used to make
+clear that these are extensions for GNU, the next bytes gives the
+GNU protection mode - 1000. Defined modes are:
+ 1001 - do not store the secret part at all
+ 1002 - a stub to access smartcards (not used in 1.2.x)
+
+
+
+Other Notes
+===========
+ * For packet version 3 we calculate the keyids this way:
+ RSA := low 64 bits of n
+ ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate
+ a rmd160 hash value from it. This is used as the
+ fingerprint and the low 64 bits are the keyid.
+
+ * Revocation certificates consist only of the signature packet;
+ "import" knows how to handle this. The rationale behind it is
+ to keep them small.
+
+
+OIDs below the GnuPG arc:
+=========================
+
+ 1.3.6.1.4.1.11591.2 GnuPG
+ 1.3.6.1.4.1.11591.2.1 notation
+ 1.3.6.1.4.1.11591.2.1.1 pkaAddress
+ 1.3.6.1.4.1.11591.2.12242973 invalid encoded OID
+
+
+
+Keyserver Message Format
+=========================
+
+The keyserver may be contacted by a Unix Domain socket or via TCP.
+
+The format of a request is:
+
+====
+command-tag
+"Content-length:" digits
+CRLF
+=======
+
+Where command-tag is
+
+NOOP
+GET <user-name>
+PUT
+DELETE <user-name>
+
+
+The format of a response is:
+
+======
+"GNUPG/1.0" status-code status-text
+"Content-length:" digits
+CRLF
+============
+followed by <digits> bytes of data
+
+
+Status codes are:
+
+ o 1xx: Informational - Request received, continuing process
+
+ o 2xx: Success - The action was successfully received, understood,
+ and accepted
+
+ o 4xx: Client Error - The request contains bad syntax or cannot be
+ fulfilled
+
+ o 5xx: Server Error - The server failed to fulfill an apparently
+ valid request
+
+
+
+Documentation on HKP (the http keyserver protocol):
+
+A minimalistic HTTP server on port 11371 recognizes a GET for /pks/lookup.
+The standard http URL encoded query parameters are this (always key=value):
+
+- op=index (like pgp -kv), op=vindex (like pgp -kvv) and op=get (like
+ pgp -kxa)
+
+- search=<stringlist>. This is a list of words that must occur in the key.
+ The words are delimited with space, points, @ and so on. The delimiters
+ are not searched for and the order of the words doesn't matter (but see
+ next option).
+
+- exact=on. This switch tells the hkp server to only report exact matching
+ keys back. In this case the order and the "delimiters" are important.
+
+- fingerprint=on. Also reports the fingerprints when used with 'index' or
+ 'vindex'
+
+The keyserver also recognizes http-POSTs to /pks/add. Use this to upload
+keys.
+
+
+A better way to do this would be a request like:
+
+ /pks/lookup/<gnupg_formatierte_user_id>?op=<operation>
+
+This can be implemented using Hurd's translator mechanism.
+However, I think the whole key server stuff has to be re-thought;
+I have some ideas and probably create a white paper.
+
diff --git a/doc/FAQ b/doc/FAQ
new file mode 100644
index 0000000..32d0744
--- /dev/null
+++ b/doc/FAQ
@@ -0,0 +1,13 @@
+GnuPG Frequently Asked Questions
+
+A FAQ is a fast moving target and thus we don't distribute it anymore
+with GnuPG. You may retrieve the current FAQ in HTML format at
+
+ http://www.gnupg.org/faq/GnuPG-FAQ.html
+
+or in plain text format at the FTP server:
+
+ ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt
+
+
+
diff --git a/doc/HACKING b/doc/HACKING
new file mode 100644
index 0000000..e27bc07
--- /dev/null
+++ b/doc/HACKING
@@ -0,0 +1,200 @@
+ A Hacker's Guide to GNUPG
+ ================================
+ (Some notes on GNUPG internals.)
+
+
+* No more ChangeLog files
+
+Do not modify any of the ChangeLog files in GnuPG. Starting on
+December 1st, 2011 we put change information only in the GIT commit
+log, and generate a top-level ChangeLog file from logs at "make dist"
+time. As such, there are strict requirements on the form of the
+commit log messages. The old ChangeLog files have all be renamed to
+ChangeLog-2011
+
+
+* Commit log requirements
+
+Your commit log should always start with a one-line summary, the second
+line should be blank, and the remaining lines are usually ChangeLog-style
+entries for all affected files. However, it's fine -- even recommended --
+to write a few lines of prose describing the change, when the summary
+and ChangeLog entries don't give enough of the big picture. Omit the
+leading TABs that you're used to seeing in a "real" ChangeLog file, but
+keep the maximum line length at 72 or smaller, so that the generated
+ChangeLog lines, each with its leading TAB, will not exceed 80 columns.
+
+
+
+===> What follows is probably out of date <===
+
+
+
+RFCs
+====
+
+1423 Privacy Enhancement for Internet Electronic Mail:
+ Part III: Algorithms, Modes, and Identifiers.
+
+1489 Registration of a Cyrillic Character Set.
+
+1750 Randomness Recommendations for Security.
+
+1991 PGP Message Exchange Formats.
+
+2015 MIME Security with Pretty Good Privacy (PGP).
+
+2144 The CAST-128 Encryption Algorithm.
+
+2279 UTF-8, a transformation format of ISO 10646.
+
+2440 OpenPGP.
+
+
+
+Directory Layout
+----------------
+ ./ Readme, configure
+ ./agent Gpg-agent and related tools
+ ./doc Documentation
+ ./doc Documentation
+ ./g10 Gpg program here called gpg2
+ ./jnlib Utility functions
+ ./kbx Keybox library
+ ./scd Smartcard daemon
+ ./scripts Scripts needed by configure and others
+ ./sm Gpgsm program
+
+
+Detailed Roadmap
+----------------
+g10/gpg.c Main module with option parsing and all the stuff you have
+ to do on startup. Also has the exout handler and some
+ helper functions.
+g10/sign.c Create signature and optionally encrypt
+
+g10/parse-packet.c
+g10/build-packet.c
+g10/free-packet.c
+ Parsing and creating of OpenPGP message packets.
+
+g10/getkey.c Key selection code
+g10/pkclist.c Build a list of public keys
+g10/skclist.c Build a list of secret keys
+g10/ringedit.c Keyring I/O
+g10/keydb.h
+
+g10/keyid.c Helper functions to get the keyid, fingerprint etc.
+
+
+g10/trustdb.c
+g10/trustdb.h
+g10/tdbdump.c
+ Management of the trustdb.gpg
+
+g10/compress.c Filter to handle compression
+g10/filter.h Declarations for all filter functions
+g10/delkey.c Delete a key
+g10/kbnode.c Helper for the KBNODE linked list
+g10/main.h Prototypes and some constants
+g10/mainproc.c Message processing
+g10/armor.c Ascii armor filter
+g10/mdfilter.c Filter to calculate hashs
+g10/textfilter.c Filter to handle CR/LF and trailing white space
+g10/cipher.c En-/Decryption filter
+g10/misc.c Utlity functions
+g10/options.h Structure with all the command line options
+ and related constants
+g10/openfile.c Create/Open Files
+g10/tdbio.c I/O handling for the trustdb.gpg
+g10/tdbio.h
+g10/hkp.h Keyserver access
+g10/hkp.c
+g10/packet.h Defintion of OpenPGP structures.
+g10/passphrase.c Passphrase handling code
+g10/pubkey-enc.c
+g10/seckey-cert.c
+g10/seskey.c
+g10/import.c
+g10/export.c
+g10/comment.c
+g10/status.c
+g10/status.h
+g10/sign.c
+g10/plaintext.c
+g10/encr-data.c
+g10/encode.c
+g10/revoke.c
+g10/keylist.c
+g10/sig-check.c
+g10/signal.c
+g10/helptext.c
+g10/verify.c
+g10/decrypt.c
+g10/keyedit.c
+g10/dearmor.c
+g10/keygen.c
+
+
+
+Memory allocation
+-----------------
+Use only the functions:
+
+ xmalloc
+ xmalloc_secure
+ xtrymalloc
+ xtrymalloc_secure
+ xcalloc
+ xcalloc_secure
+ xtrycalloc
+ xtrycalloc_secure
+ xrealloc
+ xtryrealloc
+ xstrdup
+ xtrystrdup
+ xfree
+
+
+The *secure versions allocated memory in the secure memory. That is,
+swapping out of this memory is avoided and is gets overwritten on
+free. Use this for passphrases, session keys and other sensitive
+material. This memory set aside for secure memory is linited to a few
+k. In general the function don't print a memeory message and
+terminate the process if there is not enough memory available. The
+"try" versions of the functions return NULL instead.
+
+
+Logging
+-------
+
+
+
+
+
+
+Option parsing
+---------------
+GNUPG does not use getopt or GNU getopt but functions of it's own. See
+util/argparse.c for details. The advantage of these functions is that
+it is more easy to display and maintain the help texts for the options.
+The same option table is also used to parse resource files.
+
+
+
+What is an IOBUF
+----------------
+This is the data structure used for most I/O of gnupg. It is similar
+to System V Streams but much simpler. Because OpenPGP messages are nested
+in different ways; the use of such a system has big advantages. Here is
+an example, how it works: If the parser sees a packet header with a partial
+length, it pushes the block_filter onto the IOBUF to handle these partial
+length packets: from now on you don't have to worry about this. When it sees
+a compressed packet it pushes the uncompress filter and the next read byte
+is one which has already been uncompressed by this filter. Same goes for
+enciphered packet, plaintext packets and so on. The file g10/encode.c
+might be a good staring point to see how it is used - actually this is
+the other way: constructing messages using pushed filters but it may be
+easier to understand.
+
+
diff --git a/doc/KEYSERVER b/doc/KEYSERVER
new file mode 100644
index 0000000..f63200a
--- /dev/null
+++ b/doc/KEYSERVER
@@ -0,0 +1,83 @@
+Format of keyserver colon listings
+==================================
+
+David Shaw <dshaw@jabberwocky.com>
+
+The machine readable response begins with an optional information
+line:
+
+info:<version>:<count>
+
+<version> = this is the version of this protocol. Currently, this is
+ the number 1.
+
+<count> = the number of keys returned in this response. Note this is
+ the number of keys, and not the number of lines returned.
+ It should match the number of "pub:" lines returned.
+
+If this optional line is not included, or the version information is
+not supplied, the version number is assumed to be 1.
+
+The key listings are made up of several lines per key. The first line
+is for the primary key:
+
+pub:<fingerprint>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
+
+<fingerprint> = this is either the fingerprint or the keyid of the
+ key. Either the 16-digit or 8-digit keyids are
+ acceptable, but obviously the fingerprint is best.
+ Since it is not possible to calculate the keyid from a
+ V3 key fingerprint, for V3 keys this should be either
+ the 16-digit or 8-digit keyid only.
+
+<algo> = the algorithm number from RFC-2440. (i.e. 1==RSA, 17==DSA,
+ etc).
+
+<keylen> = the key length (i.e. 1024, 2048, 4096, etc.)
+
+<creationdate> = creation date of the key in standard RFC-2440 form
+ (i.e. number of seconds since 1/1/1970 UTC time)
+
+<expirationdate> = expiration date of the key in standard RFC-2440
+ form (i.e. number of seconds since 1/1/1970 UTC time)
+
+<flags> = letter codes to indicate details of the key, if any. Flags
+ may be in any order.
+
+ r == revoked
+ d == disabled
+ e == expired
+
+Following the "pub" line are one or more "uid" lines to indicate user
+IDs on the key:
+
+uid:<escaped uid string>:<creationdate>:<expirationdate>:<flags>
+
+<escaped uid string> == the user ID string, with HTTP %-escaping for
+ anything that isn't 7-bit safe as well as for
+ the ":" character. Any other characters may
+ be escaped, as desired.
+
+creationdate, expirationdate, and flags mean the same here as before.
+The information is taken from the self-sig, if any, and applies to the
+user ID in question, and not to the key as a whole.
+
+Details:
+
+* All characters except for the <escaped uid string> are
+ case-insensitive.
+
+* Obviously, on a keyserver without integrated crypto, many of the
+ items given here are not fully trustworthy until the key is
+ downloaded and signatures checked. For example, the information
+ that a key is flagged "r" for revoked should be treated as
+ untrustworthy information until the key is checked on the client
+ side.
+
+* Empty fields are allowed. For example, a key with no expiration
+ date would have the <expirationdate> field empty. Also, a keyserver
+ that does not track a particular piece of information may leave that
+ field empty as well. I expect that the creation and expiration
+ dates for user IDs will be left empty in current keyservers. Colons
+ for empty fields on the end of each line may be left off, if
+ desired.
diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 0000000..c8d799b
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,150 @@
+# Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+examples = examples/README examples/scd-event examples/trustlist.txt \
+ examples/gpgconf.conf examples/pwpattern.list
+
+helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
+ help.da.txt help.de.txt help.el.txt help.eo.txt \
+ help.es.txt help.et.txt help.fi.txt help.fr.txt \
+ help.gl.txt help.hu.txt help.id.txt help.it.txt \
+ help.ja.txt help.nb.txt help.pl.txt help.pt.txt \
+ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
+ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
+
+EXTRA_DIST = samplekeys.asc ChangeLog-2011 \
+ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
+ gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf \
+ FAQ gnupg7.texi \
+ opt-homedir.texi see-also-note.texi specify-user-id.texi \
+ gpgv.texi texi.css yat2m.c
+
+BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf
+
+info_TEXINFOS = gnupg.texi
+
+dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
+
+nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
+ $(examples)
+
+
+gnupg_TEXINFOS = \
+ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
+ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
+ sysnotes.texi gnupg-card-architecture.fig \
+ howtos.texi howto-create-a-server-cert.texi
+
+DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
+
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css
+
+YAT2M_OPTIONS = -I $(srcdir) \
+ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
+
+myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
+ scdaemon.texi tools.texi
+myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \
+ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
+ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
+ gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1
+
+man_MANS = $(myman_pages)
+noinst_MANS = gnupg.7
+
+watchgnupg_SOURCE = gnupg.texi
+
+
+CLEANFILES = yat2m faq.txt
+
+DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
+ $(myman_pages) gnupg.7
+
+yat2m: yat2m.c
+ $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+
+.fig.png:
+ fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.jpg:
+ fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.eps:
+ fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.pdf:
+ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+# Note that yatm --store has a bug in that the @ifset gpgtwoone still
+# creates a dirmngr-client page from tools.texi.
+yat2m-stamp: $(myman_sources)
+ @rm -f yat2m-stamp.tmp
+ @touch yat2m-stamp.tmp
+ for file in $(myman_sources) ; do \
+ ./yat2m $(YAT2M_OPTIONS) --store \
+ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
+ @test -f dirmngr-client.1 && rm dirmngr-client.1
+ @mv -f yat2m-stamp.tmp $@
+
+yat2m-stamp: yat2m
+
+$(myman_pages) gnupg.7 : yat2m-stamp
+ @if test -f $@; then :; else \
+ trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \
+ if mkdir yat2m-lock 2>/dev/null; then \
+ rm -f yat2m-stamp; \
+ $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \
+ rmdir yat2m-lock; \
+ else \
+ while test -d yat2m-lock; do sleep 1; done; \
+ test -f yat2m-stamp; exit $$?; \
+ fi; \
+ fi
+
+# Make sure that gnupg.texi is touched if any other source file has
+# been modified. This is required so that the version.texi magic
+# updates the release date.
+gnupg.texi : $(gnupg_TEXINFOS)
+ touch $(srcdir)/gnupg.texi
+
+# Copy shared files from the master branch. We keep the texinfo files
+# all in master so that we need to modify only one source. Macros are
+# used to customize them for a specific version.
+update-source:
+ @set -e; cd $(srcdir); \
+ for i in $(gnupg_TEXINFOS) yat2m.c ; do \
+ echo "updating from master:doc/$$i" >&2 ; \
+ git show master:doc/$$i >$$i ; \
+ done
+
+online: gnupg.html gnupg.pdf
+ set -e; \
+ echo "Uploading current manuals to www.gnupg.org ..."; \
+ cp $(srcdir)/gnupg-logo.png gnupg.html/; \
+ user=werner ; dashdevel="" ; \
+ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
+ dashdevel="-devel" ; \
+ else \
+ rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ fi ; \
+ cd gnupg.html ; \
+ rsync -vr --exclude='.svn' . \
+ $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
diff --git a/doc/Makefile.in b/doc/Makefile.in
new file mode 100644
index 0000000..cb96a30
--- /dev/null
+++ b/doc/Makefile.in
@@ -0,0 +1,1029 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(dist_pkgdata_DATA) $(gnupg_TEXINFOS) \
+ $(nobase_dist_doc_DATA) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(srcdir)/stamp-vti \
+ $(srcdir)/version.texi
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+INFO_DEPS = $(srcdir)/gnupg.info
+TEXINFO_TEX = $(top_srcdir)/scripts/texinfo.tex
+am__TEXINFO_TEX_DIR = $(top_srcdir)/scripts
+DVIS = gnupg.dvi
+PDFS = gnupg.pdf
+PSS = gnupg.ps
+HTMLS = gnupg.html
+TEXINFOS = gnupg.texi
+TEXI2DVI = texi2dvi
+TEXI2PDF = $(TEXI2DVI) --pdf --batch
+MAKEINFOHTML = $(MAKEINFO) --html
+AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS)
+am__installdirs = "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man1dir)" \
+ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" \
+ "$(DESTDIR)$(docdir)"
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(dist_pkgdata_DATA) $(nobase_dist_doc_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+examples = examples/README examples/scd-event examples/trustlist.txt \
+ examples/gpgconf.conf examples/pwpattern.list
+
+helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
+ help.da.txt help.de.txt help.el.txt help.eo.txt \
+ help.es.txt help.et.txt help.fi.txt help.fr.txt \
+ help.gl.txt help.hu.txt help.id.txt help.it.txt \
+ help.ja.txt help.nb.txt help.pl.txt help.pt.txt \
+ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
+ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
+
+EXTRA_DIST = samplekeys.asc ChangeLog-2011 \
+ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
+ gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf \
+ FAQ gnupg7.texi \
+ opt-homedir.texi see-also-note.texi specify-user-id.texi \
+ gpgv.texi texi.css yat2m.c
+
+BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf
+
+info_TEXINFOS = gnupg.texi
+dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
+nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
+ $(examples)
+
+gnupg_TEXINFOS = \
+ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
+ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
+ sysnotes.texi gnupg-card-architecture.fig \
+ howtos.texi howto-create-a-server-cert.texi
+
+DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css
+YAT2M_OPTIONS = -I $(srcdir) \
+ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
+
+myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
+ scdaemon.texi tools.texi
+
+myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \
+ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
+ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
+ gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1
+
+man_MANS = $(myman_pages)
+noinst_MANS = gnupg.7
+watchgnupg_SOURCE = gnupg.texi
+CLEANFILES = yat2m faq.txt
+DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
+ $(myman_pages) gnupg.7
+
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .dvi .eps .fig .html .info .jpg .pdf .png .ps .texi
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+.texi.info:
+ restore=: && backupdir="$(am__leading_dot)am$$$$" && \
+ am__cwd=`pwd` && $(am__cd) $(srcdir) && \
+ rm -rf $$backupdir && mkdir $$backupdir && \
+ if ($(MAKEINFO) --version) >/dev/null 2>&1; then \
+ for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \
+ if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \
+ done; \
+ else :; fi && \
+ cd "$$am__cwd"; \
+ if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
+ -o $@ $<; \
+ then \
+ rc=0; \
+ $(am__cd) $(srcdir); \
+ else \
+ rc=$$?; \
+ $(am__cd) $(srcdir) && \
+ $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \
+ fi; \
+ rm -rf $$backupdir; exit $$rc
+
+.texi.dvi:
+ TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+ MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
+ $(TEXI2DVI) $<
+
+.texi.pdf:
+ TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+ MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
+ $(TEXI2PDF) $<
+
+.texi.html:
+ rm -rf $(@:.html=.htp)
+ if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
+ -o $(@:.html=.htp) $<; \
+ then \
+ rm -rf $@; \
+ if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
+ mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \
+ else \
+ if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
+ rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \
+ exit 1; \
+ fi
+$(srcdir)/gnupg.info: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+gnupg.dvi: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+gnupg.pdf: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+gnupg.html: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+$(srcdir)/version.texi: @MAINTAINER_MODE_TRUE@ $(srcdir)/stamp-vti
+$(srcdir)/stamp-vti: gnupg.texi $(top_srcdir)/configure
+ @(dir=.; test -f ./gnupg.texi || dir=$(srcdir); \
+ set `$(SHELL) $(top_srcdir)/scripts/mdate-sh $$dir/gnupg.texi`; \
+ echo "@set UPDATED $$1 $$2 $$3"; \
+ echo "@set UPDATED-MONTH $$2 $$3"; \
+ echo "@set EDITION $(VERSION)"; \
+ echo "@set VERSION $(VERSION)") > vti.tmp
+ @cmp -s vti.tmp $(srcdir)/version.texi \
+ || (echo "Updating $(srcdir)/version.texi"; \
+ cp vti.tmp $(srcdir)/version.texi)
+ -@rm -f vti.tmp
+ @cp $(srcdir)/version.texi $@
+
+mostlyclean-vti:
+ -rm -f vti.tmp
+
+maintainer-clean-vti:
+@MAINTAINER_MODE_TRUE@ -rm -f $(srcdir)/stamp-vti $(srcdir)/version.texi
+.dvi.ps:
+ TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+ $(DVIPS) -o $@ $<
+
+uninstall-dvi-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(DVIS)'; test -n "$(dvidir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \
+ rm -f "$(DESTDIR)$(dvidir)/$$f"; \
+ done
+
+uninstall-html-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(HTMLS)'; test -n "$(htmldir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \
+ rm -rf "$(DESTDIR)$(htmldir)/$$f"; \
+ done
+
+uninstall-info-am:
+ @$(PRE_UNINSTALL)
+ @if test -d '$(DESTDIR)$(infodir)' && \
+ (install-info --version && \
+ install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
+ list='$(INFO_DEPS)'; \
+ for file in $$list; do \
+ relfile=`echo "$$file" | sed 's|^.*/||'`; \
+ echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \
+ if install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \
+ then :; else test ! -f "$(DESTDIR)$(infodir)/$$relfile" || exit 1; fi; \
+ done; \
+ else :; fi
+ @$(NORMAL_UNINSTALL)
+ @list='$(INFO_DEPS)'; \
+ for file in $$list; do \
+ relfile=`echo "$$file" | sed 's|^.*/||'`; \
+ relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \
+ (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \
+ echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \
+ rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \
+ else :; fi); \
+ done
+
+uninstall-pdf-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(pdfdir)/$$f"; \
+ done
+
+uninstall-ps-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(PSS)'; test -n "$(psdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(psdir)/$$f"; \
+ done
+
+dist-info: $(INFO_DEPS)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ list='$(INFO_DEPS)'; \
+ for base in $$list; do \
+ case $$base in \
+ $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \
+ esac; \
+ if test -f $$base; then d=.; else d=$(srcdir); fi; \
+ base_i=`echo "$$base" | sed 's|\.info$$||;s|$$|.i|'`; \
+ for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \
+ if test -f $$file; then \
+ relfile=`expr "$$file" : "$$d/\(.*\)"`; \
+ test -f "$(distdir)/$$relfile" || \
+ cp -p $$file "$(distdir)/$$relfile"; \
+ else :; fi; \
+ done; \
+ done
+
+mostlyclean-aminfo:
+ -rm -rf gnupg.aux gnupg.cp gnupg.cps gnupg.fn gnupg.ky gnupg.log gnupg.op \
+ gnupg.ops gnupg.pg gnupg.tmp gnupg.toc gnupg.tp gnupg.vr
+
+clean-aminfo:
+ -test -z "gnupg.dvi gnupg.pdf gnupg.ps gnupg.html" \
+ || rm -rf gnupg.dvi gnupg.pdf gnupg.ps gnupg.html
+
+maintainer-clean-aminfo:
+ @list='$(INFO_DEPS)'; for i in $$list; do \
+ i_i=`echo "$$i" | sed 's|\.info$$||;s|$$|.i|'`; \
+ echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \
+ rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \
+ done
+install-man1: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ { for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ test -z "$$files" || { \
+ echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(man1dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ { for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ test -z "$$files" || { \
+ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+install-dist_pkgdataDATA: $(dist_pkgdata_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(pkgdatadir)" || $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)"
+ @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \
+ done
+
+uninstall-dist_pkgdataDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(pkgdatadir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(pkgdatadir)" && rm -f $$files
+install-nobase_dist_docDATA: $(nobase_dist_doc_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
+ @list='$(nobase_dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ $(am__nobase_list) | while read dir files; do \
+ xfiles=; for file in $$files; do \
+ if test -f "$$file"; then xfiles="$$xfiles $$file"; \
+ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
+ test -z "$$xfiles" || { \
+ test "x$$dir" = x. || { \
+ echo "$(MKDIR_P) '$(DESTDIR)$(docdir)/$$dir'"; \
+ $(MKDIR_P) "$(DESTDIR)$(docdir)/$$dir"; }; \
+ echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(docdir)/$$dir'"; \
+ $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(docdir)/$$dir" || exit $$?; }; \
+ done
+
+uninstall-nobase_dist_docDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(nobase_dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docdir)" && rm -f $$files
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically \`make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-info
+check-am: all-am
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(INFO_DEPS) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(docdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-aminfo clean-generic mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am: $(DVIS)
+
+html: html-am
+
+html-am: $(HTMLS)
+
+info: info-am
+
+info-am: $(INFO_DEPS)
+
+install-data-am: install-dist_pkgdataDATA install-info-am install-man \
+ install-nobase_dist_docDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am: $(DVIS)
+ @$(NORMAL_INSTALL)
+ test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)"
+ @list='$(DVIS)'; test -n "$(dvidir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dvidir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(dvidir)" || exit $$?; \
+ done
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am: $(HTMLS)
+ @$(NORMAL_INSTALL)
+ test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)"
+ @list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ $(am__strip_dir) \
+ if test -d "$$d$$p"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \
+ $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \
+ echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \
+ $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \
+ else \
+ list2="$$list2 $$d$$p"; \
+ fi; \
+ done; \
+ test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \
+ done; }
+install-info: install-info-am
+
+install-info-am: $(INFO_DEPS)
+ @$(NORMAL_INSTALL)
+ test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
+ for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ esac; \
+ if test -f $$file; then d=.; else d=$(srcdir); fi; \
+ file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \
+ for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \
+ $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \
+ if test -f $$ifile; then \
+ echo "$$ifile"; \
+ else : ; fi; \
+ done; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done
+ @$(POST_INSTALL)
+ @if (install-info --version && \
+ install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
+ list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
+ for file in $$list; do \
+ relfile=`echo "$$file" | sed 's|^.*/||'`; \
+ echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\
+ install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\
+ done; \
+ else : ; fi
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am: $(PDFS)
+ @$(NORMAL_INSTALL)
+ test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)"
+ @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pdfdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pdfdir)" || exit $$?; done
+install-ps: install-ps-am
+
+install-ps-am: $(PSS)
+ @$(NORMAL_INSTALL)
+ test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)"
+ @list='$(PSS)'; test -n "$(psdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(psdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(psdir)" || exit $$?; done
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-aminfo \
+ maintainer-clean-generic maintainer-clean-vti
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-aminfo mostlyclean-generic mostlyclean-vti
+
+pdf: pdf-am
+
+pdf-am: $(PDFS)
+
+ps: ps-am
+
+ps-am: $(PSS)
+
+uninstall-am: uninstall-dist_pkgdataDATA uninstall-dvi-am \
+ uninstall-html-am uninstall-info-am uninstall-man \
+ uninstall-nobase_dist_docDATA uninstall-pdf-am uninstall-ps-am
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: all check install install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-aminfo clean-generic \
+ dist-info distclean distclean-generic distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_pkgdataDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man1 install-man8 install-nobase_dist_docDATA \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-aminfo \
+ maintainer-clean-generic maintainer-clean-vti mostlyclean \
+ mostlyclean-aminfo mostlyclean-generic mostlyclean-vti pdf \
+ pdf-am ps ps-am uninstall uninstall-am \
+ uninstall-dist_pkgdataDATA uninstall-dvi-am uninstall-html-am \
+ uninstall-info-am uninstall-man uninstall-man1 uninstall-man8 \
+ uninstall-nobase_dist_docDATA uninstall-pdf-am uninstall-ps-am
+
+
+yat2m: yat2m.c
+ $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+
+.fig.png:
+ fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.jpg:
+ fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.eps:
+ fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.pdf:
+ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+# Note that yatm --store has a bug in that the @ifset gpgtwoone still
+# creates a dirmngr-client page from tools.texi.
+yat2m-stamp: $(myman_sources)
+ @rm -f yat2m-stamp.tmp
+ @touch yat2m-stamp.tmp
+ for file in $(myman_sources) ; do \
+ ./yat2m $(YAT2M_OPTIONS) --store \
+ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
+ @test -f dirmngr-client.1 && rm dirmngr-client.1
+ @mv -f yat2m-stamp.tmp $@
+
+yat2m-stamp: yat2m
+
+$(myman_pages) gnupg.7 : yat2m-stamp
+ @if test -f $@; then :; else \
+ trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \
+ if mkdir yat2m-lock 2>/dev/null; then \
+ rm -f yat2m-stamp; \
+ $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \
+ rmdir yat2m-lock; \
+ else \
+ while test -d yat2m-lock; do sleep 1; done; \
+ test -f yat2m-stamp; exit $$?; \
+ fi; \
+ fi
+
+# Make sure that gnupg.texi is touched if any other source file has
+# been modified. This is required so that the version.texi magic
+# updates the release date.
+gnupg.texi : $(gnupg_TEXINFOS)
+ touch $(srcdir)/gnupg.texi
+
+# Copy shared files from the master branch. We keep the texinfo files
+# all in master so that we need to modify only one source. Macros are
+# used to customize them for a specific version.
+update-source:
+ @set -e; cd $(srcdir); \
+ for i in $(gnupg_TEXINFOS) yat2m.c ; do \
+ echo "updating from master:doc/$$i" >&2 ; \
+ git show master:doc/$$i >$$i ; \
+ done
+
+online: gnupg.html gnupg.pdf
+ set -e; \
+ echo "Uploading current manuals to www.gnupg.org ..."; \
+ cp $(srcdir)/gnupg-logo.png gnupg.html/; \
+ user=werner ; dashdevel="" ; \
+ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
+ dashdevel="-devel" ; \
+ else \
+ rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ fi ; \
+ cd gnupg.html ; \
+ rsync -vr --exclude='.svn' . \
+ $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/doc/OpenPGP b/doc/OpenPGP
new file mode 100644
index 0000000..a511ad7
--- /dev/null
+++ b/doc/OpenPGP
@@ -0,0 +1,108 @@
+ GnuPG and OpenPGP
+ =================
+
+ See RFC2440 for a description of OpenPGP. We have an annotated version
+ of this RFC online: http://www.gnupg.org/rfc2440.html
+
+
+
+ Compatibility Notes
+ ===================
+ GnuPG (>=1.0.3) is in compliance with RFC2440 despite these exceptions:
+
+ * (9.2) states that IDEA SHOULD be implemented. This is not done
+ due to patent problems.
+
+
+ All MAY features are implemented with this exception:
+
+ * multi-part armored messages are not supported.
+ MIME (rfc2015) should be used instead.
+
+ Most of the OPTIONAL stuff is implemented.
+
+ There are a couple of options which can be used to override some
+ RFC requirements. This is always mentioned with the description
+ of that options.
+
+ A special format of partial packet length exists for v3 packets
+ which can be considered to be in compliance with RFC1991; this
+ format is only created if a special option is active.
+
+ GnuPG uses a S2K mode of 101 for GNU extensions to the secret key
+ protection algorithms. This number is not defined in OpenPGP, but
+ given the fact that this number is in a range which used at many
+ other places in OpenPGP for private/experimenat algorithm identifiers,
+ this should be not a so bad choice. The 3 bytes "GNU" are used
+ to identify this as a GNU extension - see the file DETAILS for a
+ definition of the used data formats.
+
+
+
+ Some Notes on OpenPGP / PGP Compatibility:
+ ==========================================
+
+ * PGP 5.x does not accept V4 signatures for anything other than
+ key material. The GnuPG option --force-v3-sigs mimics this
+ behavior.
+
+ * PGP 5.x does not recognize the "five-octet" lengths in
+ new-format headers or in signature subpacket lengths.
+
+ * PGP 5.0 rejects an encrypted session key if the keylength
+ differs from the S2K symmetric algorithm. This is a bug in its
+ validation function.
+
+ * PGP 5.0 does not handle multiple one-pass signature headers and
+ trailers. Signing one will compress the one-pass signed literal
+ and prefix a V3 signature instead of doing a nested one-pass
+ signature.
+
+ * When exporting a private key, PGP 2.x generates the header
+ "BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY
+ BLOCK". All previous versions ignore the implied data type, and
+ look directly at the packet data type.
+
+ * In a clear-signed signature, PGP 5.0 will figure out the correct
+ hash algorithm if there is no "Hash:" header, but it will reject
+ a mismatch between the header and the actual algorithm used. The
+ "standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x
+ rejects the "Hash:" header and assumes MD5. There are a number
+ of enhanced variants of PGP 2.6.x that have been modified for
+ SHA-1 signatures.
+
+ * PGP 5.0 can read an RSA key in V4 format, but can only recognize
+ it with a V3 keyid, and can properly use only a V3 format RSA
+ key.
+
+ * Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign
+ keys. They only handle ElGamal Encrypt-only keys.
+
+
+ Parts of this document are taken from:
+ ======================================
+
+ OpenPGP Message Format
+ draft-ietf-openpgp-formats-07.txt
+
+
+ Copyright 1998 by The Internet Society. All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph
+ are included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+
diff --git a/doc/TRANSLATE b/doc/TRANSLATE
new file mode 100644
index 0000000..8dfc183
--- /dev/null
+++ b/doc/TRANSLATE
@@ -0,0 +1,62 @@
+$Id$
+
+Note for translators
+--------------------
+
+Some strings in GnuPG are for matching user input against. These
+strings can accept multiple values that mean essentially the same
+thing.
+
+For example, the string "yes" in English is "sí" in Spanish. However,
+some users will type "si" (without the accent). To accomodate both
+users, you can translate the string "yes" as "sí|si". You can have
+any number of alternate matches seperated by the | character like
+"sí|si|seguro".
+
+The strings that can be handled in this way are of the form "yes|yes",
+(or "no|no", etc.) There should also be a comment in the .po file
+directing you to this file.
+
+
+Help files
+----------
+
+GnuPG provides a little help feature (entering a ? on a prompt). This
+help used to be translated the usual way with gettext but it turned
+out that this is too inflexible and does for example not allow to
+correct little mistakes in the English text. For some newer features
+we require editable help files anyway and thus the existing help
+strings have neen moved to plain text files names "help.LL.txt". We
+distribute these files and allow overriding them by files of that name
+in /etc/gnupg. The syntax of these files is documented in
+doc/help.txt. This is also the original we use to describe new
+possible online help keys. The source files are located in doc/ and
+need to be in encoded in UTF-8. Strings which require a translation
+are disabled like this
+
+ .#gpgsm.some.help-item
+ This string is not translated.
+
+After translation you should remove the the hash mark so that the
+entry looks like.
+
+ .gpgsm.some.help-item
+ This string has been translated.
+
+The percent sign is not a special character and if there is something
+to watch out there will be a remark.
+
+
+
+Sending new or updated translations
+-----------------------------------
+
+Please note that we do not use the TP Robot but require that
+translations are to be send by mail to translations@gnupg.org. We
+also strongly advise to get subscribed to i18n@gnupg.org and request
+assistance if it is not clear on how to translate certain strings. A
+wrongly translated string may lead to a security problem.
+
+A copyright disclaimer to the FSF is required by all translators.
+
+
diff --git a/doc/com-certs.pem b/doc/com-certs.pem
new file mode 100644
index 0000000..43e93b7
--- /dev/null
+++ b/doc/com-certs.pem
@@ -0,0 +1,484 @@
+# Common certificates for initial keybox creation.
+
+Issuer ...: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support@cacert.org
+Serial ...: 00
+Subject ..: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support@cacert.org
+
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+Serial ...: 32D18D
+Subject ..: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
+IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
+wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
+mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
+ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
+IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 2A
+Subject ..: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAw2gAwIBAgIBKjAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG
+A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzEwUi1DQSAxOlBOMB4X
+DTA1MDgwMzE1MzAzNloXDTA3MTIzMTE1MDkyM1owPzELMAkGA1UEBhMCREUxGjAY
+BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMFItQ0EgMTpQTjCB
+oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAiHXC5/hw6rYNc/4cilHLjd/SqwS3
+4LaogQHZVFciyYJ0+5gAfca/kLnPEvOUuYSYNfb2ar0e/iDPxZAAEfqfVGuRT9Pa
+R7hWvPiZUFpoGcNvyOVxKuM9Iyx/i1wan/wS6u12QIgGBUek5ig1+TTwuuNcanlW
+kQPuodHs+BoUGHMCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG
+Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw
+EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh
+cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50
+dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp
+b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUw8916sARU0UT/pdlYwBpUwKWuWQwHQYDVR0OBBYE
+FMPPderAEVNFE/6XZWMAaVMClrlkMAoGBiskAwMBAgUAA4GBAGXK8m/O9KmfaZuA
+1GzMyasIHx8Lu+V0da8NTZzAmqAl+44MtS4QNcZdtxsDvOcqHHs1Tosh9D398hSG
+hXd6gjniKWxMKvjL8TQKu999QIn6YKLCowjUYpp8v4B9X8jNa9vJy2EzoPOBmdWT
+l5hhXfvWpPe68kN9zaEmcDO+m60H
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+Serial ...: 02
+Subject ..: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIEEjCCA36gAwIBAgIBAjAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG
+A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv
+biB1bmQgUG9zdDETMBEGA1UEAwwKOVItQ0EgMTpQTjAeFw0wNDExMjUxNDU5MTFa
+Fw0wNzEyMzExNDU2NTlaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll
+cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw
+EQYDVQQDDAo5Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCN
+0ECEO2KjPsHBz2cmOSePEmKEH33Q/vRUl1u8D2Uus3txZgqRvCs0F7HzAtDJKSap
+C1+qj5t1R4g8jrlWwsqi+oOc3bpUuPMLo+ys9PG7ODK+xZuwFlezO6rj30mEj+y0
+HMxCaTAedim2J5CmWcqQtATGGzwqYHEVFYo0y5kuuQIEQAAAgaOCAd0wggHZMA4G
+A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF
+BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw
+L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E
+gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D
+UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p
+a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k
+ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs
+YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB
+wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRnBgT5ZxC7e1vJLBj+
+92+P1kZrJzAdBgNVHQ4EFgQUZwYE+WcQu3tbySwY/vdvj9ZGaycwCgYGKyQDAwEC
+BQADgYEACAnkgbAd47VgJqu5CY3B6AlxbGkor2guYHXO+KgBkQeXDVWt4ZvN9hY2
+blhPMc/sLv+Tmg9zjyzjqQdxhWXUDoctorBny8LQQQvMqAtc8qk6DL+X0heq1U2k
+s1e8wj9AUGOfvmSL/r1BWPzLOCWay2bHQCQ1sU5QnvNbmJO21GI=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 2D
+Subject ..: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAw2gAwIBAgIBLTAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG
+A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzExUi1DQSAxOlBOMB4X
+DTA1MDgwMzE4MDk0OVoXDTA3MTIzMTE4MDQyOFowPzELMAkGA1UEBhMCREUxGjAY
+BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMVItQ0EgMTpQTjCB
+oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAkodoSFtoGjJphYloxQLsmyOe/M5h
+UpURxSkop41MtGlrHeOeQsxMSRdCJInwjLKZg9Pxd92QFsB3f6AJUGTO7z6PJ/ST
++m0EBksoPtciWLYtlRXtD/RK6mUB7CG5CfqK6AUHbWtXW6mNAZLoJOd0jLsQCUi8
+XmHP92vfmW2ptSkCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG
+Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw
+EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh
+cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50
+dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp
+b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUXYAPovSdSBb8oBS7lEJmWSK6incwHQYDVR0OBBYE
+FF2AD6L0nUgW/KAUu5RCZlkiuop3MAoGBiskAwMBAgUAA4GBAIxx56h5+p2lqK0v
+hRVwkWAAPduspH4U9q7QsFIWbEkFe+2TcXx7MV9NAUe4kN9MsN9CEgSSeLDfpIFA
+uyHndqgmDaqXmWSDl2QutHQwSj8a04bSNbY7s0FUCMqrr/465Rf6quIWi7qXhwDe
+yDmXv3nzPTGVM3F+aavJCybjJ1qk
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 0139
+Subject ..: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIErTCCA5WgAwIBAgICATkwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx
+GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMlItQ0EgMTpQ
+TjAeFw0wNzA1MjUxMTAxNDRaFw0xMjA1MjUxMDU2MDdaMD8xCzAJBgNVBAYTAkRF
+MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTJSLUNBIDE6
+UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCYOqYxUqr6ZdlIuVaz
+1raETmld82tCCFjUnIlHGpaTbBGQ9ddW4pdkdNmK4dHDesAnGFB6tgZzFTYivjTY
+Jyzv3NunMth8AjwCivQ0u2RBlunY2jg6dNSeTwGlmOlG709HgWPHvvAboqLDoV81
+knMbNbG4P7Ff/+lsTnbN/gT0X5fHUz5UO3eowyl2kD6GBZwb+noR/86U0V39yXsk
+ZD/NNBXKOzKo9VXx09S1Uq027Cc+VIa62DWUeUGiUDjCXXJoaAF2wQcD/crrAJlU
+zeOVZkSzRJXpjpG8kZhKgSgOpgfnpjDXAXWbkJuyDL2fqXLPxAyBq3ThgUHZT99s
+QSd3AgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww
+CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v
+b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL
+MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw
+Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs
+ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw
+GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G
+A1UdIwQYMBaAFATenX/fQ3KJumlJAfToSSjeAhlvMB0GA1UdDgQWBBQE3p1/30Ny
+ibppSQH06Eko3gIZbzANBgkqhkiG9w0BAQ0FAAOCAQEADf4IOMHGmSpkPc1UP0LS
+sK8Y/xXvOgdHPx4f2CpcgUKRRk+Ue9MKiZG0KCFaNK9Qpnxejuk42Iu3flC5kn8T
+fPQWtxC3ZQqD8sd6EX/FDdfkHJFJ9rIYKiSG6m2PDBUcbpQZ9kwhC7qCKE1coUhb
+FW3WbntkDtrQycz7ZyQ6Ip+PpRoxwToJqTsExb+8whukhOo1vsgdaMZS/6iwwVkt
+rJvl7EWMJVWctm15iDQzp4sawgSOg7U5icyTb1q+FqI5KlAfd/dRbv2yvThiOl7+
+bfN9Brosoxtwi/uJO8vSGOCIUUkiGhIk7+OX+mvppTG+7R1Jn6Af6AOzGSbQz5Ks
+Uw==
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 013C
+Subject ..: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIErTCCA5WgAwIBAgICATwwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx
+GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxM1ItQ0EgMTpQ
+TjAeFw0wNzA1MjkxMTAyMzdaFw0xMjA1MjkxMDU1NTRaMD8xCzAJBgNVBAYTAkRF
+MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTNSLUNBIDE6
+UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCaXK0TY+Vp+Hxx8B9D
+lrHkc0zRdhXNuDP4Cedl9e6wPwdi90HVEjDK3FoDv7UPBtgGwMzRUQVIz/etbcQr
+tnGwSQlsDI/Q5R1HAh241+/rWYodi6OqNsNeb065RRBlwHAa4uvT3b/Cj/OJI5Kp
+6qRPquK0iuMaFwuxGCxfhTLOmmGVNYOE7/9UzKXA2yvthY3jfmIm18l/z08PgUYj
+rjENdrez3ZRgjZ/XsXSNw3B2K3cZQ+xRP4rqfkmfPO8T6UhOeoiQFx2v1PizBWRQ
+uiUtFjrCiaDeBjo3kfGgbpdPnHzqUEoEOyAlsglFLJC9xaCiLtt2ic1/1OFFlNgQ
+tLJLAgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww
+CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v
+b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL
+MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw
+Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs
+ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw
+GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G
+A1UdIwQYMBaAFAYenQPZrutto05LK939ru/TEqiNMB0GA1UdDgQWBBQGHp0D2a7r
+baNOSyvd/a7v0xKojTANBgkqhkiG9w0BAQ0FAAOCAQEADrtfqJ8lnYsVyV5YK/H/
+evPf9LY1AfuuQkMkm9UP9a9BBQINoIULB+n+gF/c0dxEboF74Ikp08dhDOq0mjvj
+f0lpsBPgX/eN9IOWdMBs3rKIXn7suOoUtnBuFgW6fJ32CPTLUQd5Dqv9DizTiKMf
+X66oMBQD784IKya1bLaJd7x1UXtP1h2DAej1scF9DbiDDDieuid0wyibrPDgjUN1
+tbYiLH2did0zZRLlp6gDpgh4t8Efqb7XDijKzQHvWKzr4IALTpYoD42yeslMa5yV
+mm15NhiRGAdX+JbvYgfP3aDIMX/yoaMB8GXEUq7CmFhAwpxfhy/oyvswX5MyE8D2
+Lw==
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+Serial ...: 01
+Subject ..: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIEEjCCA36gAwIBAgIBATAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG
+A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv
+biB1bmQgUG9zdDETMBEGA1UEAwwKOFItQ0EgMTpQTjAeFw0wNDExMjUxNDEwMzda
+Fw0wNzEyMzExNDA0MDNaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll
+cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw
+EQYDVQQDDAo4Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCS
+DvtngJbI4K8sbCHFfCalXaDa7xgc2pdsL2oQlgZygt1EY5ZgZB93JThnDSaDzdLj
+ZIPrXJLxCOLq6Kmxj63V9p9WUaF5nz/6PVRMmLzI7cvh5QDjsX4ZmEzm/it7e/YH
+vC1Yiw5bTULjwVZ27vqO64mhplQM3HKVgk6FX51XnwIEQAAAgaOCAd0wggHZMA4G
+A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF
+BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw
+L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E
+gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D
+UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p
+a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k
+ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs
+YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB
+wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTuKY5dMBMWc1wFL/fr
+arlCuHKNBDAdBgNVHQ4EFgQU7imOXTATFnNcBS/362q5QrhyjQQwCgYGKyQDAwEC
+BQADgYEAbDMwH4zJB/0qgmbBWvvCGJsm9lmLzLdOcB8HCm1EvlCLqaCX7TwoUuBN
+voxU9OHt1wAbChNP+ueDmI/0u2KRNv6/t4cOB8d4navwsW5nmknSzdZ6UZTUfmCr
+n6XIdUtl2hkiFlQpCvCIBFj/+PjQRMdovRN42EQ9XVhb5B2MGv8=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+Serial ...: 00C48C8D
+Subject ..: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIICaTCCAdWgAwIBAgIEAMSMjTAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBO
+MCIYDzIwMDExMDE1MTExNTE1WhgPMjAwNjAyMTUxMTE1MTVaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjdSLUNB
+IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIqJA/4+pRD+BXsRd+ej
+qVObXlKRhn1CoyKxVwR3O/RtE1M4FcajKDdT1p1pLULyqPBE2roMS5D/f83192gE
+Mw1uGZIusehg6n8tPQIJPkSb4X22yM0ZFeLAQXKNJ+98e03xv/TU4Fa//elPiPs/
+9Y99Gm6DOvTpCxIY8QK9Pxm7AgUAwAAAAaMSMBAwDgYDVR0PAQH/BAQDAgEGMAoG
+BiskAwMBAgUAA4GBADnITH+fLD0qsWcAncwPztzTAnqUw9O0+yvfmxvEU0zcJRuF
+Tl8DK+/aKp4SwVhRJZlWxenHzkjWynsUXBUv878gizllRpA7265REyHQki4NnxAi
+OGxEVGe/NbGeU88Pgnk7alhtdA/Ty8/WX9a3U/0G4pLaJppxGSm+ypQZ0XOY
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+Serial ...: 00B95F
+Subject ..: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+ aka ..: info@d-trust.net
+ aka ..: (uri http://www.d-trust.net)
+
+-----BEGIN CERTIFICATE-----
+MIIFCjCCA/KgAwIBAgIDALlfMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm
+aWVkIFJvb3QgQ0EgMSAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG
+A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAxIDIwMDY6UE4wggEkMA0G
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCPACqp8H/KTbDBUM8BTiRzsfCJmN5G
+Uxv8x3wsYLMtZ8meq04vEun2OneNeKZ2LxJy3UchUWitYP9pLPt9M8yt0pyuOXOQ
+5r2RPAM46OlfStoPbZ+lCxpZbNcQGLM+/OcQU9GoCNWWkDSctwIN8T4mUf7vSzuT
+jM4n5NHW7Y8bANhH7lh2fwkfIk7PxsxFw9amptlqzDqbBPz8/SdBUFt0G8t52Niw
+lcYHWDV2YH4Qs1SAxOsyG0O8hpYKiKIwRHxPu5ZD3bMgDJXA3d+9zXlrLlmL0YFC
+tvlPxmvqUhmMsL4vGEj/xWivULCTVOz6KcJ9edWwK9JxyO/KmGyDLwKxAgUApBVt
+/aOCAeUwggHhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJr+c6YCNnohJ6M3
+fhSzwwTq2CkWMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j
+c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs
+MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI
+KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwggEABgNVHR8E
+gfgwgfUwgfKgge+ggeyGgaVsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NO
+PUQtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAxJTIwMjAwNiUzQVBO
+LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0
+P2Jhc2U/b2JqZWN0Q2xhc3M9Y3JsRGlzdHJpYnV0aW9uUG9pbnSGQmh0dHA6Ly93
+d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfcXVhbGlmaWVkX3Jvb3RfY2FfMV8y
+MDA2X3BuLmNybDANBgkqhkiG9w0BAQUFAAOCAQEABsVNHg5zVMB+A4swJ8/vW+RV
+mW8KZiJb5AVytFzBeZkkF2+DXFMtursZ0sICIcRCSsNyAQcqHqzcgnDWCHASlu4o
+Em3TeBsmWo8r/uGpbFVAOhjq2VOFwjjIr3TC7zmMoLE+WGBRSuZh4/5wnxQ+NNbY
+8HHE52UPI6VyV7RZeE0IZfbjkejw8WpvNtRfc6NxOCxf1LYibiCUaYs+EBDD+eod
+lWwpmHwPSj4GCzR9wBdbWML/GQZ6iFVOuEmApm2B11KEn4hvKtRMEp1CdHIn8Jwx
+51E89XcjJOIitO0lUozimqvlUb0lEynXe1/CUOhAsiAnLvq0GbnjFN6+9GRnqg==
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+Serial ...: 00B960
+Subject ..: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+ aka ..: info@d-trust.net
+ aka ..: (uri http://www.d-trust.net)
+
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIDALlgMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm
+aWVkIFJvb3QgQ0EgMiAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG
+A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyIDIwMDY6UE4wggEkMA0G
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQC9p9EZM645WSti4m3Lp/m5Cu2PCeAf
+DYMsN2UQab5SAD94wc0xB68rhD0QiyXT1bhqnHKGhdsmmNwVbFLWyFWVc69+5pbx
+jkEa1Z5oYbftpLZlqblas/iPG1C546c/O5JUHehrpyJziTaIqvDm0hMCarEGrd4i
+hdwP7XsLNLeHFVdpVMWKUIJjUud18Wyr6MVRGs85YTme2gPki8JZMjeOteTA8dnY
+unohiJM1rs8YQiYgIfQJV5oBd7OWZQLSuoh5tddYnP4KDFZUCCsC1OkBD+MnVlcv
+IEfrDDuWdvFgOdS8FB5l4E3D0eYPpn536EDpWeGuCnn8joQPdiMwwGL7AgUAuaHl
+M6OCAeEwggHdMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFILMyG0qJl9Aqmsa
+DhPJE4d+Xp/JMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j
+c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs
+MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI
+KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwgf0GA1UdHwSB
+9TCB8jCB76CB7KCB6YaBpWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049
+RC1UUlVTVCUyMFF1YWxpZmllZCUyMFJvb3QlMjBDQSUyMDIlMjAyMDA2JTNBUE4s
+Tz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/
+YmFzZT9vYmplY3RDbGFzcz1jcmxEaXN0cmlidXRpb25Qb2ludIY/aHR0cDovL3d3
+dy5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9xdWFsaWZpZWRfcm9vdF9jYV8yXzIw
+MDYuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB/TeSQASSUVjLVpTMB+S2bEYZWL04N
+5UO5sIdV5MQFxmbmQNam4odnkOx/GjHy0uuf14Pz7lztlLh4EMvEZbvoQ8wRsrrl
+vMjWBUSnhTMPhohj4gUCEJDBq50qi0057Jos9DF4iLaFgiWBER+FeSHD8uEy6WGG
+UrQ9fw8wRa+CRUeZldtZ25VSR++wxBuX3bkF/hRBuSk9PzT6jZojZDWKsqhPGo0W
+dK4V81hS4Zri3b3gSD/3iOAJ4EO8jdyeSVomw/u1UOapVFnWhpN7H6Nwekij66eO
+4WNzbeTNgJtkdOlzW2AcsWe3mS43BE286z7l/DzDs8JK36va/TRHb29p
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2006-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+Serial ...: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+Subject ..: /CN=S-TRUST Qualified Root CA 2006-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIETDCCAzSgAwIBAgIRAN90n4CqUfDtwMsfwYPpfuIwDQYJKoZIhvcNAQEFBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA2LTAwMTpQTjAeFw0wNjAxMDEwMDAwMDBaFw0xMDEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNi0wMDE6UE4wggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIB
+AQCCp5M7qIP3WgNNE9t4kxFLb2HdwE2pivcWfEjFh9AJcwZIaD781+OhuNxhMEil
+C+B9N3bYgLMj7r/LbIFwRVmUf9E64kBDrY/wLAlXLpiicOiKE7rS1tcOAdD69s7I
+5jaBXCz/eQo20QLsp11/btwYos9PlfptLqHjS8AUwUaMyolqmWqaxLD33ZfoQswP
+FpyFFzAnRondt/5WUt244kpqgTlwP4o9J1AZamK5o/kKEXl8hDT6CulFoK51cX/J
+C9lEA10mwchVfv+9cel9b2ryPXg3hPf1XFFR+l90/ZYlreaSKz5+LluI6a/ALtYl
+hqJpvndXm6YZDzKKtxT3LZ1DAgUA8A8a46OBgDB+MBIGA1UdEwEB/wQIMAYBAf8C
+AQEwDgYDVR0PAQH/BAQDAgEGMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwHQYD
+VR0OBBYEFKhXJN3CR/Jkirm68N+VHxcd09zBMB8GA1UdIwQYMBaAFKhXJN3CR/Jk
+irm68N+VHxcd09zBMA0GCSqGSIb3DQEBBQUAA4IBAQBB8UGGU179RK9v5SglLn8m
+AdBrwG5B4x0nlI3Ayj+GuP9R8ALcMEBwcFgSZTav7N8ERKa8VlCRNria7Fvf3kOu
++f67smpShBvEkrHy+ThvezBUtLfSSd1HzvaPnfwu86DMVnTIOkEcl0KLrpc/ZjEt
+u81iHuiHBemf6gWdTCApiJ+CN4tARi3irvWcjhz/IIcA/ZwAaCW22Z1ysDklCIPS
+9OnX9ki1f73PR+kdo4G7Dfo7TbuvV5Kzeh54sZ77A5utdvKer4ZHBmn9CGmk4VeI
+BWdFlE7Fispzm+jZCduF0TcazvP/tYontx71GQnHRwLfiY4xnuzXEoSNXoaHzhzO
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2007-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+Serial ...: 00BC098E0402E92956B8D7DE74977E26F7
+Subject ..: /CN=S-TRUST Qualified Root CA 2007-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB
+AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i
+RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y
+uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N
+lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI
+ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY
+H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV
+HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld
+r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko
+tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD
+CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH
+5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK
+L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6
+DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew=
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2008-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+Serial ...: 00B3963E0E6C2D65125853E970665402E5
+Subject ..: /CN=S-TRUST Qualified Root CA 2008-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIRALOWPg5sLWUSWFPpcGZUAuUwDQYJKoZIhvcNAQELBQAw
+fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1
+dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDE6UE4wHhcNMDgwMTAxMDAwMDAwWhcN
+MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0
+MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG
+A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMTpQTjCCASMw
+DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAKfUBh+i0NSWzddPtWG15DdTqbPM
+SJmeWw6dXutkR6UNonxC+yAm6rfZJhb83tPGB09qlAcNn7fcdR/g4SNdu3McwT+J
+HKHou6hhbMZmsza72Qcj9P/AwWq/o5oJa2eI4pU7I5YjS3x3oGtvmhJkwYiehIyx
+7DI+wHKcohwJV83jlZW3YrPmKgpaOZsc5lJM/+Ha4Q77MLPWHdCnxUkrbL1+Q/Ea
+qY+DoMMa9wxY+UmwbKe8ANfAf2NIMfJwmb748f+7EJMLjUA8nxrQ4iAPJ1lSrfZs
+d9cjzjdXZnhLvR9T2nNa2nROOHk2ARCOPAJgxk9EheRr4B6RbJ4hinuydJUCBEAA
+AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w
+ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No
+ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw
+MDFQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl
+L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMSUz
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T
+dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO
+BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E
+FgQU7UBDbxBuOWcii/O2xVNRExXxPj0wHwYDVR0jBBgwFoAU7UBDbxBuOWcii/O2
+xVNRExXxPj0wDQYJKoZIhvcNAQELBQADggEBAEdeesrApdpV+0cz698ZM+fsbcmk
+AYTy8U1vcnEPzcxaEAvUO57ndJlSdBK7+5yFbVuFW7CTp90TPgljoDqWDOI2hsLU
+YxrHUfDCwsm/ALLDpImRKWGZ07nKxOHGAOxB4tQUaDUHwaClbw3UB3nBi9++f9d0
+FLM9oOVxbhKGco4/qo3LP+QfJU6xjL8itqaf0WHXcnN69CD/5D7e/iziwHvLWLEU
+0cUXVDzdyWKEvJ3RpFIk6EUulKFHZrCctis1ixg/iQybKs2DWG/RtCo6CGhtydT8
+I1y6qAwPL2gAt+ypf+Mk4SLewnpXlw6ZVDQlLEBLGto72DAyJTxRh8f6BpY=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2008-002:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+Serial ...: 00C4216083F35C54F67B09A80C3C55FE7D
+Subject ..: /CN=S-TRUST Qualified Root CA 2008-002:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIRAMQhYIPzXFT2ewmoDDxV/n0wDQYJKoZIhvcNAQELBQAw
+fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1
+dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDI6UE4wHhcNMDgwMTAxMDAwMDAwWhcN
+MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0
+MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG
+A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMjpQTjCCASMw
+DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAJCrKgvHaZdd5LpNAlVZVf8a3CJY
+lBUt4Awwlu5q9wnkObVGHyekGLG6h7wMrY9OCL4uqWn9vIz+5vGXMEvU+NniMXIn
+JodZS8CbBBYUxS42PgZp7TNCd4gglEA1xOhsQH8T9iRZzdRCLyZYjysYsHiujn/x
+7y0+nxQsYu2mONaPFZq7ZBsDlAk5BPdIZCrutHDHe5inKwbpDUdpnKFlM1UDZ3eS
+4dl+YT/3t4QSJAVHVFz/Pzf1tevpMFYP4M7jHaktp327GMtrhYlpeoSZRc1cizHU
+Vdhj6Foyj1wWkQMwvb1ChPbRxS+4V3b6R+vgelULDBqFSF0Rtj/kRUgT/q8CBEAA
+AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w
+ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No
+ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw
+MDJQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl
+L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMiUz
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T
+dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO
+BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E
+FgQUIQpnbAV/rAz9qSo/4q/3/TlplqwwHwYDVR0jBBgwFoAUIQpnbAV/rAz9qSo/
+4q/3/TlplqwwDQYJKoZIhvcNAQELBQADggEBAHRr6IiNPkWJYHVa8vi4tufRG9nE
+Yy8t2ll8xbu4ar+LXCqbttdaQzVU/7RCX4S1aPm6wb9WFJU+/JfZHpez+gJ9uIFy
+6rYJDxZ4qTxaGnIKGguZbEkpvne38/vtyjR5RuCj5AwEuP7Vy7/j5O1WZDoROMoD
+rRsBHLtg90aDVou0IG+wK5+RPOixSMjfMf79uixHrsriMHrzulTEMmX+S+VfXGmO
+G1RRiCiWgYaEtSIDAP0V9ehpcghfJLlmMBnxSf4n7OZvkd1whvme2rXaQxnZi2qV
+d2qclY03eJ7zx6Zpq8VFuVvOxvmFZ4mMe706runhCq+rHc5x6x0/oIMhDrk=
+-----END CERTIFICATE-----
+
diff --git a/doc/contrib.texi b/doc/contrib.texi
new file mode 100644
index 0000000..bb558bd
--- /dev/null
+++ b/doc/contrib.texi
@@ -0,0 +1,106 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Contributors
+@unnumbered Contributors to GnuPG
+@cindex contributors
+
+The GnuPG project would like to thank its many contributors. Without
+them the project would not have been nearly as successful as it has
+been. Any omissions in this list are accidental. Feel free to contact
+the maintainer if you have been left out or some of your contributions
+are not listed.
+
+David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils
+Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner
+Koch wrote the code. Birger Langkjer, Daniel Resare, Dokianakis
+Theofanis, Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy
+Ferenc László, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz
+Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan,
+Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri,
+Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung
+Bauermann, Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter
+Koch, Yosiaki IIDA did the official translations. Mike Ashley wrote
+and maintains the GNU Privacy Handbook. David Scribner is the current
+FAQ editor. Lorenzo Cappelletti maintains the web site.
+
+The new modularized architecture of gnupg 1.9 as well as the X.509/CMS
+part has been developed as part of the Ägypten project. Direct
+contributors to this project are: Bernhard Herzog, who did extensive
+testing and tracked down a lot of bugs. Bernhard Reiter, who made sure
+that we met the specifications and the deadlines. He did extensive
+testing and came up with a lot of suggestions. Jan-Oliver Wagner made
+sure that we met the specifications and the deadlines. He also did
+extensive testing and came up with a lot of suggestions. Karl-Heinz
+Zimmer and Marc Mutz had to struggle with all the bugs and
+misconceptions while working on KDE integration. Marcus Brinkman
+extended GPGME, cleaned up the Assuan code and fixed bugs all over the
+place. Moritz Schulte took over Libgcrypt maintenance and developed it
+into a stable an useful library. Steffen Hansen had a hard time to
+write the dirmngr due to underspecified interfaces. Thomas Koester did
+extensive testing and tracked down a lot of bugs. Werner Koch designed
+the system and wrote most of the code.
+
+The following people helped greatly by suggesting improvements,
+testing, fixing bugs, providing resources and doing other important
+tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
+Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews,
+Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian
+Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de
+Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere,
+Christian Kurz, Christian von Roques, Christopher Oliver, Christian
+Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave
+Dykstra, David C Niemi, David Champion, David Ellement, David
+Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef
+Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas
+Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo
+Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish
+stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank
+Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël
+Quéri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni,
+Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery
+Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger
+Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian
+McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz
+A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von
+Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael
+Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John
+A. Martin, Johnny Teveßen, Jörg Schilling, Jos Backus, Joseph Walton,
+Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten
+Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde,
+Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M
+Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus
+Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl,
+Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew
+Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael
+Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev,
+Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson
+H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye,
+Oliver Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul D. Smith,
+Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter
+Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong,
+Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner,
+Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann,
+Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam
+Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge
+Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann,
+Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven
+Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen
+Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA
+Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen,
+Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko
+Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann,
+Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki
+IIDA, Yoshihiro Kajiki and Gerlinde Klaes.
+
+This software has been made possible by the previous work of Chris
+Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
+Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
+Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
+mathematicians and all the folks who have worked hard to create
+complete and free operating systems.
+
+And finally we'd like to thank everyone who uses these tools, submits
+bug reports and generally reminds us why we're doing this work in the
+first place.
diff --git a/doc/debugging.texi b/doc/debugging.texi
new file mode 100644
index 0000000..c83ab1e
--- /dev/null
+++ b/doc/debugging.texi
@@ -0,0 +1,277 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Debugging
+@chapter How to solve problems
+
+Everyone knows that software often does not do what it should do and thus
+there is a need to track down problems. We call this debugging in a
+reminiscent to the moth jamming a relay in a Mark II box back in 1947.
+
+Most of the problems a merely configuration and user problems but
+nevertheless there are the most annoying ones and responsible for many
+gray hairs. We try to give some guidelines here on how to identify and
+solve the problem at hand.
+
+
+@menu
+* Debugging Tools:: Description of some useful tools.
+* Debugging Hints:: Various hints on debugging.
+* Common Problems:: Commonly seen problems.
+* Architecture Details:: How the whole thing works internally.
+@end menu
+
+
+@node Debugging Tools
+@section Debugging Tools
+
+The GnuPG distribution comes with a couple of tools, useful to help find
+and solving problems.
+
+@menu
+* kbxutil:: Scrutinizing a keybox file.
+@end menu
+
+@node kbxutil
+@subsection Scrutinizing a keybox file
+
+A keybox is a file format used to store public keys along with meta
+information and indices. The commonly used one is the file
+@file{pubring.kbx} in the @file{.gnupg} directory. It contains all
+X.509 certificates as well as OpenPGP keys@footnote{Well, OpenPGP keys
+are not implemented, @command{gpg} still used the keyring file
+@file{pubring.gpg}} .
+
+@noindent
+When called the standard way, e.g.:
+
+@samp{kbxutil ~/.gnupg/pubring.kbx}
+
+@noindent
+it lists all records (called @acronym{blobs}) with there meta-information
+in a human readable format.
+
+@noindent
+To see statistics on the keybox in question, run it using
+
+@samp{kbxutil --stats ~/.gnupg/pubring.kbx}
+
+@noindent
+and you get an output like:
+
+@example
+Total number of blobs: 99
+ header: 1
+ empty: 0
+ openpgp: 0
+ x509: 98
+ non flagged: 81
+ secret flagged: 0
+ ephemeral flagged: 17
+@end example
+
+In this example you see that the keybox does not have any OpenPGP keys
+but contains 98 X.509 certificates and a total of 17 keys or certificates
+are flagged as ephemeral, meaning that they are only temporary stored
+(cached) in the keybox and won't get listed using the usual commands
+provided by @command{gpgsm} or @command{gpg}. 81 certificates are stored
+in a standard way and directly available from @command{gpgsm}.
+
+@noindent
+To find duplicated certificates and keyblocks in a keybox file (this
+should not occur but sometimes things go wrong), run it using
+
+@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx}
+
+
+@node Debugging Hints
+@section Various hints on debugging.
+
+@itemize @bullet
+
+@item How to find the IP address of a keyserver
+
+If a round robin URL of is used for a keyserver
+(e.g. subkeys.gnupg.org); it is not easy to see what server is actually
+used. Using the keyserver debug option as in
+
+@smallexample
+ gpg --keyserver-options debug=1 -v --refresh-key 1E42B367
+@end smallexample
+
+is thus often helpful. Note that the actual output depends on the
+backend and may change from release to release.
+
+@ifset gpgtwoone
+@item Logging on WindowsCE
+
+For development, the best logging method on WindowsCE is the use of
+remote debugging using a log file name of @file{tcp://<ip-addr>:<port>}.
+The command @command{watchgnupg} may be used on the remote host to listen
+on the given port. (@pxref{option watchgnupg --tcp}). For in the field
+tests it is better to make use of the logging facility provided by the
+@command{gpgcedev} driver (part of libassuan); this is enabled by using
+a log file name of @file{GPG2:}. (@pxref{option --log-file}).
+@end ifset
+
+@end itemize
+
+
+@node Common Problems
+@section Commonly Seen Problems
+
+
+@itemize @bullet
+@item Error code @samp{Not supported} from Dirmngr
+
+Most likely the option @option{enable-ocsp} is active for gpgsm
+but Dirmngr's OCSP feature has not been enabled using
+@option{allow-ocsp} in @file{dirmngr.conf}.
+
+@item The Curses based Pinentry does not work
+
+The far most common reason for this is that the environment variable
+@code{GPG_TTY} has not been set correctly. Make sure that it has been
+set to a real tty devce and not just to @samp{/dev/tty};
+i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
+@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
+this environment variable gets exported, that is you should follow up
+the setting with an @samp{export GPG_TTY} (assuming a Bourne style
+shell). Even for GUI based Pinentries; you should have set
+@code{GPG_TTY}. See the section on installing the @command{gpg-agent}
+on how to do it.
+
+
+@item SSH hangs while a popping up pinentry was expected
+
+SSH has no way to tell the gpg-agent what terminal or X display it is
+running on. So when remotely logging into a box where a gpg-agent with
+SSH support is running, the pinentry will get popped up on whatever
+display the gpg-agent has been started. To solve this problem you may
+issue the command
+
+@smallexample
+echo UPDATESTARTUPTTY | gpg-connect-agent
+@end smallexample
+
+and the next pinentry will pop up on your display or screen. However,
+you need to kill the running pinentry first because only one pinentry
+may be running at once. If you plan to use ssh on a new display you
+should issue the above command before invoking ssh or any other service
+making use of ssh.
+
+
+@item Exporting a secret key without a certificate
+
+I may happen that you have created a certificate request using
+@command{gpgsm} but not yet received and imported the certificate from
+the CA. However, you want to export the secret key to another machine
+right now to import the certificate over there then. You can do this
+with a little trick but it requires that you know the approximate time
+you created the signing request. By running the command
+
+@smallexample
+ ls -ltr ~/.gnupg/private-keys-v1.d
+@end smallexample
+
+you get a listing of all private keys under control of @command{gpg-agent}.
+Pick the key which best matches the creation time and run the command
+
+@smallexample
+ /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
+@end smallexample
+
+(Please adjust the path to @command{gpg-protect-tool} to the appropriate
+location). @var{foo} is the name of the key file you picked (it should
+have the suffix @file{.key}). A Pinentry box will pop up and ask you
+for the current passphrase of the key and a new passphrase to protect it
+in the pkcs#12 file.
+
+To import the created file on the machine you use this command:
+
+@smallexample
+ /usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12
+@end smallexample
+
+You will be asked for the pkcs#12 passphrase and a new passphrase to
+protect the imported private key at its new location.
+
+Note that there is no easy way to match existing certificates with
+stored private keys because some private keys are used for Secure Shell
+or other purposes and don't have a corresponding certificate.
+
+
+@item A root certificate does not verify
+
+A common problem is that the root certificate misses the required
+basicConstraints attribute and thus @command{gpgsm} rejects this
+certificate. An error message indicating ``no value'' is a sign for
+such a certificate. You may use the @code{relax} flag in
+@file{trustlist.txt} to accept the certificate anyway. Note that the
+fingerprint and this flag may only be added manually to
+@file{trustlist.txt}.
+
+@item Error message: ``digest algorithm N has not been enabled''
+
+The signature is broken. You may try the option
+@option{--extra-digest-algo SHA256} to workaround the problem. The
+number N is the internal algorithm identifier; for example 8 refers to
+SHA-256.
+
+
+@item The Windows version does not work under Wine
+
+When running the W32 version of @command{gpg} under Wine you may get
+an error messages like:
+
+@smallexample
+gpg: fatal: WriteConsole failed: Access denied
+@end smallexample
+
+@noindent
+The solution is to use the command @command{wineconsole}.
+
+Some operations like gen-key really want to talk to the console directly
+for increased security (for example to prevent the passphrase from
+appearing on the screen). So, you should use @command{wineconsole}
+instead of @command{wine}, which will launch a windows console that
+implements those additional features.
+
+
+@item Why does GPG's --search-key list weird keys?
+
+For performance reasons the keyservers do not check the keys the same
+way @command{gpg} does. It may happen that the listing of keys
+available on the keyservers shows keys with wrong user IDs or with user
+Ids from other keys. If you try to import this key, the bad keys or bad
+user ids won't get imported, though. This is a bit unfortunate but we
+can't do anything about it without actually downloading the keys.
+
+@end itemize
+
+
+@c ********************************************
+@c *** Architecture Details *****************
+@c ********************************************
+@node Architecture Details
+@section How the whole thing works internally.
+
+
+@menu
+* GnuPG-1 and GnuPG-2:: Relationship between the two branches.
+@end menu
+
+@node GnuPG-1 and GnuPG-2
+@subsection Relationship between the two branches.
+
+Here is a little picture showing how the components work together:
+
+@image{gnupg-card-architecture, 10cm}
+
+@noindent
+Lets try to explain it:
+
+TO BE DONE.
+
+
diff --git a/doc/examples/README b/doc/examples/README
new file mode 100644
index 0000000..3444822
--- /dev/null
+++ b/doc/examples/README
@@ -0,0 +1,9 @@
+Files in this directory:
+
+
+scd-event A handler script used with scdaemon
+
+trustlist.txt A list of trustworthy root certificates
+ (Please check yourself whether you actually trust them)
+
+gpgconf.conf A sample configuration file for gpgconf.
diff --git a/doc/examples/gpgconf.conf b/doc/examples/gpgconf.conf
new file mode 100644
index 0000000..ec8685a
--- /dev/null
+++ b/doc/examples/gpgconf.conf
@@ -0,0 +1,63 @@
+# gpgconf.conf - configuration for gpgconf
+#----------------------------------------------------------------------
+# This file is read by gpgconf(1) to setup defaults for all or
+# specified users and groups. It may be used to change the hardwired
+# defaults in gpgconf and to enforce certain values for the various
+# GnuPG related configuration files.
+#
+# Empty lines and comment lines, indicated by a hash mark as first non
+# white space character, are ignored. The line is separated by white
+# space into fields. The first field is used to match the user or
+# group and must start at the first column, the file is processes
+# sequential until a matching rule is found. A rule may contain
+# several lines; continuation lines are indicated by a indenting them.
+#
+# Syntax of a line:
+# <key>|WS <component> <option> ["["<flag>"]"] [<value>]
+#
+# Examples for the <key> field:
+# foo - Matches the user "foo".
+# foo: - Matches the user "foo".
+# foo:staff - Matches the user "foo" or the group "staff".
+# :staff - Matches the group "staff".
+# * - Matches any user.
+# All other variants are not defined and reserved for future use.
+#
+# <component> and <option> are as specified by gpgconf.
+# <flag> may be one of:
+# default - Delete the option so that the default is used.
+# no-change - Mark the field as non changeable by gpgconf.
+# change - Mark the field as changeable by gpgconf.
+#
+# Example file:
+#==========
+# :staff gpg-agent allow-mark-trusted [change]
+# gpg-agent min-passphrase-len 6
+#
+# * gpg-agent min-passphrase-len [no-change] 8
+# gpg-agent min-passphrase-nonalpha [no-change] 1
+# gpg-agent max-passphrase-days [no-change] 700
+# gpg-agent enable-passphrase-history [no-change]
+# gpg-agent enforce-passphrase-constraints [default]
+# gpg-agent enforce-passphrase-constraints [no-change]
+# gpg-agent max-cache-ttl [no-change] 10800
+# gpg-agent max-cache-ttl-ssh [no-change] 10800
+# gpg-agent allow-mark-trusted [default]
+# gpg-agent allow-mark-trusted [no-change]
+# gpgsm enable-ocsp
+#===========
+# All users in the group "staff" are allowed to change the value for
+# --allow-mark-trusted; gpgconf's default is not to allow a change
+# through its interface. When "gpgconf --apply-defaults" is used,
+# "allow-mark-trusted" will get enabled and "min-passphrase-len" set
+# to 6. All other users are not allowed to change
+# "min-passphrase-len" and "allow-mark-trusted". When "gpgconf
+# --apply-defaults" is used for them, "min-passphrase-len" is set to
+# 8, "allow-mark-trusted" deleted from the config file and
+# "enable-ocsp" is put into the config file of gpgsm. The latter may
+# be changed by any user.
+#-------------------------------------------------------------------
+
+
+
+
diff --git a/doc/examples/pwpattern.list b/doc/examples/pwpattern.list
new file mode 100644
index 0000000..251c2d4
--- /dev/null
+++ b/doc/examples/pwpattern.list
@@ -0,0 +1,48 @@
+# pwpattern.list -*- default-generic -*-
+#
+# This is an example for a pattern file as used by gpg-check-pattern.
+# The file is line based with comment lines beginning on the *first*
+# position with a '#'. Empty lines and lines with just spaces are
+# ignored. The other lines may be verbatim patterns and match as they
+# are (trailing spaces are ignored) or extended regular expressions
+# indicated by a / in the first column and terminated by another / or
+# end of line. All comparisons are case insensitive.
+
+# Reject the usual metavariables. Usual not required because
+# gpg-agent can be used to reject all passphrases shorter than 8
+# charactes.
+foo
+bar
+baz
+
+# As well as very common passwords. Note that gpg-agent can be used
+# to reject them due to missing non-alpha characters.
+password
+passwort
+passphrase
+mantra
+test
+abc
+egal
+
+# German number plates.
+/^[A-Z]{1,3}[ ]*-[ ]*[A-Z]{1,2}[ ]*[0-9]+/
+
+# Dates (very limited, only ISO dates). */
+/^[012][0-9][0-9][0-9]-[012][0-9]-[0123][0-9]$/
+
+# Arbitrary strings
+the quick brown fox jumps over the lazy dogs back
+no-password
+no password
+
+12345678
+123456789
+1234567890
+87654321
+987654321
+0987654321
+qwertyuiop
+qwertzuiop
+asdfghjkl
+zxcvbnm
diff --git a/doc/examples/scd-event b/doc/examples/scd-event
new file mode 100755
index 0000000..938465f
--- /dev/null
+++ b/doc/examples/scd-event
@@ -0,0 +1,102 @@
+#!/bin/sh
+# Sample script for scdaemon event mechanism.
+
+#exec >>/tmp/scd-event.log
+
+PGM=scd-event
+
+reader_port=
+old_code=0x0000
+new_code=0x0000
+status=
+
+tick='`'
+prev=
+while [ $# -gt 0 ]; do
+ arg="$1"
+ case $arg in
+ -*=*) optarg=$(echo "X$arg" | sed -e '1s/^X//' -e 's/[-_a-zA-Z0-9]*=//')
+ ;;
+ *) optarg=
+ ;;
+ esac
+ if [ -n "$prev" ]; then
+ eval "$prev=\$arg"
+ prev=
+ shift
+ continue
+ fi
+ case $arg in
+ --help|-h)
+ cat <<EOF
+Usage: $PGM [options]
+$PGM is called by scdaemon on card reader status changes
+
+Options:
+ --reader-port N Reports change for port N
+ --old-code 0xNNNN Previous status code
+ --old-code 0xNNNN Current status code
+ --status USABLE|ACTIVE|PRESENT|NOCARD
+ Human readable status code
+
+Environment:
+
+GNUPGHOME=DIR Set to the active homedir
+
+EOF
+ exit 0
+ ;;
+
+ --reader-port)
+ prev=reader_port
+ ;;
+ --reader-port=*)
+ reader_port="$optarg"
+ ;;
+ --old-code)
+ prev=old_code
+ ;;
+ --old-code=*)
+ old_code="$optarg"
+ ;;
+ --new-code)
+ prev=new_code
+ ;;
+ --new-code=*)
+ new_code="$optarg"
+ ;;
+ --status)
+ prev=status
+ ;;
+ --new-code=*)
+ status="$optarg"
+ ;;
+
+ -*)
+ echo "$PGM: invalid option $tick$arg'" >&2
+ exit 1
+ ;;
+
+ *)
+ break
+ ;;
+ esac
+ shift
+done
+if [ -n "$prev" ]; then
+ echo "$PGM: argument missing for option $tick$prev'" >&2
+ exit 1
+fi
+
+cat <<EOF
+========================
+port: $reader_port
+old-code: $old_code
+new-code: $new_code
+status: $status
+EOF
+
+if [ x$status = xUSABLE ]; then
+ gpg --batch --card-status 2>&1
+fi
+
diff --git a/doc/examples/trustlist.txt b/doc/examples/trustlist.txt
new file mode 100644
index 0000000..4d57242
--- /dev/null
+++ b/doc/examples/trustlist.txt
@@ -0,0 +1,66 @@
+# This is the global list of trusted keys. Comment lines, like this
+# one, as well as empty lines are ignored. Lines have a length limit
+# but this is not serious limitation as the format of the entries is
+# fixed and checked by gpg-agent. A non-comment line starts with
+# optional white space, followed by the SHA-1 fingerpint in hex,
+# optionally followed by a flag character which my either be 'P', 'S'
+# or '*'. This file will be read by gpg-agent if no local trustlist
+# is available or if the statement "include-default" is used in the
+# local list. You should give the gpg-agent(s) a HUP after editing
+# this file.
+
+
+#Serial number: 32D18D
+# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 S
+
+#Serial number: 00C48C8D
+# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B S
+
+#Serial number: 01
+# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 S
+
+#Serial number: 02
+# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 S
+
+#Serial number: 2A
+# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD S
+
+#Serial number: 2D
+# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D S
+
+# S/N: 0139
+# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
+
+# S/N: 013C
+# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
+
+
+# S/N: 00B3963E0E6C2D65125853E970665402E5
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA S
+
+# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B S
+
+
+#Serial number: 00
+# Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.
+# cacert.org/O=Root CA/EMail=support@cacert.org
+13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 S
+
+
diff --git a/doc/glossary.texi b/doc/glossary.texi
new file mode 100644
index 0000000..1c72e50
--- /dev/null
+++ b/doc/glossary.texi
@@ -0,0 +1,72 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Glossary
+@unnumbered Glossary
+
+
+@table @samp
+@item ARL
+ The @emph{Authority Revocation List} is technical identical to a
+@acronym{CRL} but used for @acronym{CA}s and not for end user
+certificates.
+
+@item Chain model
+ Verification model for X.509 which uses the creation date of a
+signature as the date the validation starts and in turn checks that each
+certificate has been issued within the time frame, the issuing
+certificate was valid. This allows the verification of signatures after
+the CA's certificate expired. The validation test also required an
+online check of the certificate status. The chain model is required by
+the German signature law. See also @emph{Shell model}.
+
+@item CMS
+ The @emph{Cryptographic Message Standard} describes a message
+format for encryption and digital signing. It is closely related to the
+X.509 certificate format. @acronym{CMS} was formerly known under the
+name @code{PKCS#7} and is described by @code{RFC3369}.
+
+@item CRL
+ The @emph{Certificate Revocation List} is a list containing
+certificates revoked by the issuer.
+
+@item CSR
+ The @emph{Certificate Signing Request} is a message send to a CA to
+ask them to issue a new certificate. The data format of such a signing
+request is called PCKS#10.
+
+@item OpenPGP
+ A data format used to build a PKI and to exchange encrypted or
+signed messages. In contrast to X.509, OpenPGP also includes the
+message format but does not explicitly demand a specific PKI. However
+any kind of PKI may be build upon the OpenPGP protocol.
+
+@item Keygrip
+ This term is used by GnuPG to describe a 20 byte hash value used
+to identify a certain key without referencing to a concrete protocol.
+It is used internally to access a private key. Usually it is shown and
+entered as a 40 character hexadecimal formatted string.
+
+@item OCSP
+ The @emph{Online Certificate Status Protocol} is used as an
+alternative to a @acronym{CRL}. It is described in @code{RFC 2560}.
+
+@item PSE
+ The @emph{Personal Security Environment} describes a database to
+store private keys. This is either a smartcard or a collection of files
+on a disk; the latter is often called a Soft-PSE.
+
+
+@item Shell model
+The standard model for validation of certificates under X.509. At the
+time of the verification all certificates must be valid and not expired.
+See also @emph{Chain mode}.
+
+
+@item X.509
+Description of a PKI used with CMS. It is for example
+defined by @code{RFC3280}.
+
+
+@end table
diff --git a/doc/gnupg-card-architecture.eps b/doc/gnupg-card-architecture.eps
new file mode 100644
index 0000000..70f4536
--- /dev/null
+++ b/doc/gnupg-card-architecture.eps
@@ -0,0 +1,1003 @@
+%!PS-Adobe-3.0 EPSF-3.0
+%%Title: /home/wk/w/gnupg-stable/doc/gnupg-card-architecture.fig
+%%Creator: fig2dev Version 3.2 Patchlevel 5d
+%%CreationDate: Tue Mar 27 10:23:53 2012
+%%BoundingBox: 0 0 823 458
+%Magnification: 1.0000
+%%EndComments
+%
+% Copyright 2005 Werner Koch
+%
+% This file is part of GnuPG.
+%
+% GnuPG is free software; you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation; either version 3 of the License, or
+% (at your option) any later version.
+%
+% GnuPG is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with this program; if not, see <http://www.gnu.org/licenses/>.
+%
+%
+%%BeginProlog
+/$F2psDict 200 dict def
+$F2psDict begin
+$F2psDict /mtrx matrix put
+/col-1 {0 setgray} bind def
+/col0 {0.000 0.000 0.000 srgb} bind def
+/col1 {0.000 0.000 1.000 srgb} bind def
+/col2 {0.000 1.000 0.000 srgb} bind def
+/col3 {0.000 1.000 1.000 srgb} bind def
+/col4 {1.000 0.000 0.000 srgb} bind def
+/col5 {1.000 0.000 1.000 srgb} bind def
+/col6 {1.000 1.000 0.000 srgb} bind def
+/col7 {1.000 1.000 1.000 srgb} bind def
+/col8 {0.000 0.000 0.560 srgb} bind def
+/col9 {0.000 0.000 0.690 srgb} bind def
+/col10 {0.000 0.000 0.820 srgb} bind def
+/col11 {0.530 0.810 1.000 srgb} bind def
+/col12 {0.000 0.560 0.000 srgb} bind def
+/col13 {0.000 0.690 0.000 srgb} bind def
+/col14 {0.000 0.820 0.000 srgb} bind def
+/col15 {0.000 0.560 0.560 srgb} bind def
+/col16 {0.000 0.690 0.690 srgb} bind def
+/col17 {0.000 0.820 0.820 srgb} bind def
+/col18 {0.560 0.000 0.000 srgb} bind def
+/col19 {0.690 0.000 0.000 srgb} bind def
+/col20 {0.820 0.000 0.000 srgb} bind def
+/col21 {0.560 0.000 0.560 srgb} bind def
+/col22 {0.690 0.000 0.690 srgb} bind def
+/col23 {0.820 0.000 0.820 srgb} bind def
+/col24 {0.500 0.190 0.000 srgb} bind def
+/col25 {0.630 0.250 0.000 srgb} bind def
+/col26 {0.750 0.380 0.000 srgb} bind def
+/col27 {1.000 0.500 0.500 srgb} bind def
+/col28 {1.000 0.630 0.630 srgb} bind def
+/col29 {1.000 0.750 0.750 srgb} bind def
+/col30 {1.000 0.880 0.880 srgb} bind def
+/col31 {1.000 0.840 0.000 srgb} bind def
+/col32 {0.255 0.271 0.255 srgb} bind def
+/col33 {0.502 0.502 0.502 srgb} bind def
+/col34 {0.753 0.753 0.753 srgb} bind def
+/col35 {0.776 0.718 0.592 srgb} bind def
+/col36 {0.937 0.973 1.000 srgb} bind def
+/col37 {0.863 0.796 0.651 srgb} bind def
+/col38 {0.878 0.878 0.878 srgb} bind def
+/col39 {0.557 0.561 0.557 srgb} bind def
+/col40 {0.667 0.667 0.667 srgb} bind def
+/col41 {0.333 0.333 0.333 srgb} bind def
+/col42 {0.251 0.251 0.251 srgb} bind def
+/col43 {0.525 0.510 0.525 srgb} bind def
+/col44 {0.780 0.765 0.780 srgb} bind def
+/col45 {0.906 0.890 0.906 srgb} bind def
+/col46 {0.557 0.557 0.557 srgb} bind def
+/col47 {0.267 0.267 0.267 srgb} bind def
+/col48 {0.525 0.525 0.525 srgb} bind def
+/col49 {0.780 0.780 0.780 srgb} bind def
+/col50 {0.400 0.400 0.400 srgb} bind def
+/col51 {0.886 0.886 0.933 srgb} bind def
+/col52 {0.580 0.580 0.604 srgb} bind def
+/col53 {0.859 0.859 0.859 srgb} bind def
+/col54 {0.631 0.631 0.718 srgb} bind def
+/col55 {0.612 0.000 0.000 srgb} bind def
+/col56 {0.929 0.929 0.929 srgb} bind def
+/col57 {0.525 0.675 1.000 srgb} bind def
+/col58 {0.439 0.439 1.000 srgb} bind def
+/col59 {0.745 0.745 0.745 srgb} bind def
+/col60 {0.318 0.318 0.318 srgb} bind def
+/col61 {0.000 0.000 0.286 srgb} bind def
+/col62 {0.475 0.475 0.475 srgb} bind def
+/col63 {0.188 0.204 0.188 srgb} bind def
+/col64 {0.780 0.714 0.588 srgb} bind def
+/col65 {0.843 0.843 0.843 srgb} bind def
+/col66 {0.682 0.682 0.682 srgb} bind def
+/col67 {0.522 0.502 0.490 srgb} bind def
+/col68 {0.824 0.824 0.824 srgb} bind def
+/col69 {0.227 0.227 0.227 srgb} bind def
+/col70 {0.271 0.451 0.667 srgb} bind def
+/col71 {0.000 0.000 0.000 srgb} bind def
+/col72 {0.906 0.906 0.906 srgb} bind def
+/col73 {0.969 0.969 0.969 srgb} bind def
+/col74 {0.839 0.843 0.839 srgb} bind def
+/col75 {0.482 0.475 0.647 srgb} bind def
+/col76 {0.937 0.984 1.000 srgb} bind def
+/col77 {0.620 0.620 0.620 srgb} bind def
+/col78 {0.443 0.459 0.443 srgb} bind def
+/col79 {0.451 0.459 0.549 srgb} bind def
+/col80 {0.255 0.255 0.255 srgb} bind def
+/col81 {0.388 0.365 0.808 srgb} bind def
+/col82 {0.337 0.318 0.318 srgb} bind def
+/col83 {0.867 0.616 0.576 srgb} bind def
+/col84 {0.945 0.925 0.878 srgb} bind def
+/col85 {0.765 0.765 0.765 srgb} bind def
+/col86 {0.886 0.784 0.659 srgb} bind def
+/col87 {0.882 0.882 0.882 srgb} bind def
+/col88 {0.855 0.478 0.102 srgb} bind def
+/col89 {0.945 0.894 0.102 srgb} bind def
+/col90 {0.533 0.490 0.761 srgb} bind def
+/col91 {0.839 0.839 0.839 srgb} bind def
+/col92 {0.549 0.549 0.647 srgb} bind def
+/col93 {0.290 0.290 0.290 srgb} bind def
+/col94 {0.549 0.420 0.420 srgb} bind def
+/col95 {0.353 0.353 0.353 srgb} bind def
+/col96 {0.388 0.388 0.388 srgb} bind def
+/col97 {0.718 0.608 0.451 srgb} bind def
+/col98 {0.255 0.576 1.000 srgb} bind def
+/col99 {0.749 0.439 0.231 srgb} bind def
+/col100 {0.859 0.467 0.000 srgb} bind def
+/col101 {0.855 0.722 0.000 srgb} bind def
+/col102 {0.000 0.392 0.000 srgb} bind def
+/col103 {0.353 0.420 0.231 srgb} bind def
+/col104 {0.827 0.827 0.827 srgb} bind def
+/col105 {0.557 0.557 0.643 srgb} bind def
+/col106 {0.953 0.725 0.365 srgb} bind def
+/col107 {0.537 0.600 0.420 srgb} bind def
+/col108 {0.392 0.392 0.392 srgb} bind def
+/col109 {0.718 0.902 1.000 srgb} bind def
+/col110 {0.525 0.753 0.925 srgb} bind def
+/col111 {0.741 0.741 0.741 srgb} bind def
+/col112 {0.827 0.584 0.322 srgb} bind def
+/col113 {0.596 0.824 0.996 srgb} bind def
+/col114 {0.549 0.612 0.420 srgb} bind def
+/col115 {0.969 0.420 0.000 srgb} bind def
+/col116 {0.353 0.420 0.224 srgb} bind def
+/col117 {0.549 0.612 0.420 srgb} bind def
+/col118 {0.549 0.612 0.482 srgb} bind def
+/col119 {0.094 0.290 0.094 srgb} bind def
+/col120 {0.678 0.678 0.678 srgb} bind def
+/col121 {0.969 0.741 0.353 srgb} bind def
+/col122 {0.388 0.420 0.612 srgb} bind def
+/col123 {0.871 0.000 0.000 srgb} bind def
+/col124 {0.678 0.678 0.678 srgb} bind def
+/col125 {0.969 0.741 0.353 srgb} bind def
+/col126 {0.678 0.678 0.678 srgb} bind def
+/col127 {0.969 0.741 0.353 srgb} bind def
+/col128 {0.388 0.420 0.612 srgb} bind def
+/col129 {0.322 0.420 0.161 srgb} bind def
+/col130 {0.580 0.580 0.580 srgb} bind def
+/col131 {0.000 0.388 0.000 srgb} bind def
+/col132 {0.000 0.388 0.290 srgb} bind def
+/col133 {0.482 0.518 0.290 srgb} bind def
+/col134 {0.906 0.741 0.482 srgb} bind def
+/col135 {0.647 0.710 0.776 srgb} bind def
+/col136 {0.420 0.420 0.580 srgb} bind def
+/col137 {0.518 0.420 0.420 srgb} bind def
+/col138 {0.322 0.612 0.290 srgb} bind def
+/col139 {0.839 0.906 0.906 srgb} bind def
+/col140 {0.322 0.388 0.388 srgb} bind def
+/col141 {0.094 0.420 0.290 srgb} bind def
+/col142 {0.612 0.647 0.710 srgb} bind def
+/col143 {1.000 0.580 0.000 srgb} bind def
+/col144 {1.000 0.580 0.000 srgb} bind def
+/col145 {0.000 0.388 0.290 srgb} bind def
+/col146 {0.482 0.518 0.290 srgb} bind def
+/col147 {0.388 0.451 0.482 srgb} bind def
+/col148 {0.906 0.741 0.482 srgb} bind def
+/col149 {0.094 0.290 0.094 srgb} bind def
+/col150 {0.969 0.741 0.353 srgb} bind def
+/col151 {0.871 0.871 0.871 srgb} bind def
+/col152 {0.953 0.933 0.827 srgb} bind def
+/col153 {0.961 0.682 0.365 srgb} bind def
+/col154 {0.584 0.808 0.600 srgb} bind def
+/col155 {0.710 0.082 0.490 srgb} bind def
+/col156 {0.933 0.933 0.933 srgb} bind def
+/col157 {0.518 0.518 0.518 srgb} bind def
+/col158 {0.482 0.482 0.482 srgb} bind def
+/col159 {0.000 0.353 0.000 srgb} bind def
+/col160 {0.906 0.451 0.451 srgb} bind def
+/col161 {1.000 0.796 0.192 srgb} bind def
+/col162 {0.161 0.475 0.290 srgb} bind def
+/col163 {0.871 0.157 0.129 srgb} bind def
+/col164 {0.129 0.349 0.776 srgb} bind def
+/col165 {0.973 0.973 0.973 srgb} bind def
+/col166 {0.902 0.902 0.902 srgb} bind def
+/col167 {0.129 0.518 0.353 srgb} bind def
+/col168 {1.000 0.580 0.031 srgb} bind def
+/col169 {0.000 0.439 0.000 srgb} bind def
+/col170 {0.816 0.000 0.000 srgb} bind def
+/col171 {0.996 0.839 0.000 srgb} bind def
+/col172 {0.847 0.125 0.063 srgb} bind def
+/col173 {0.000 0.204 0.518 srgb} bind def
+/col174 {0.839 0.125 0.063 srgb} bind def
+/col175 {0.220 0.565 0.000 srgb} bind def
+/col176 {0.729 0.000 0.000 srgb} bind def
+/col177 {0.000 0.200 0.502 srgb} bind def
+/col178 {0.000 0.655 0.741 srgb} bind def
+/col179 {1.000 0.773 0.000 srgb} bind def
+/col180 {0.031 0.482 0.816 srgb} bind def
+/col181 {0.984 0.757 0.000 srgb} bind def
+/col182 {0.518 0.000 0.161 srgb} bind def
+/col183 {0.027 0.224 0.612 srgb} bind def
+/col184 {0.000 0.388 0.741 srgb} bind def
+/col185 {0.224 0.675 0.875 srgb} bind def
+/col186 {0.259 0.753 0.878 srgb} bind def
+/col187 {0.192 0.808 1.000 srgb} bind def
+/col188 {1.000 0.871 0.000 srgb} bind def
+/col189 {0.031 0.353 0.000 srgb} bind def
+/col190 {1.000 0.129 0.000 srgb} bind def
+/col191 {0.969 0.369 0.031 srgb} bind def
+/col192 {0.937 0.482 0.031 srgb} bind def
+/col193 {1.000 0.510 0.000 srgb} bind def
+/col194 {0.000 0.490 0.000 srgb} bind def
+/col195 {0.000 0.000 0.745 srgb} bind def
+/col196 {0.459 0.459 0.459 srgb} bind def
+/col197 {0.953 0.953 0.953 srgb} bind def
+/col198 {0.843 0.827 0.843 srgb} bind def
+/col199 {0.682 0.667 0.682 srgb} bind def
+/col200 {0.761 0.761 0.761 srgb} bind def
+/col201 {0.188 0.188 0.188 srgb} bind def
+/col202 {0.318 0.333 0.318 srgb} bind def
+/col203 {0.969 0.953 0.969 srgb} bind def
+/col204 {0.443 0.443 0.443 srgb} bind def
+
+end
+
+/cp {closepath} bind def
+/ef {eofill} bind def
+/gr {grestore} bind def
+/gs {gsave} bind def
+/sa {save} bind def
+/rs {restore} bind def
+/l {lineto} bind def
+/m {moveto} bind def
+/rm {rmoveto} bind def
+/n {newpath} bind def
+/s {stroke} bind def
+/sh {show} bind def
+/slc {setlinecap} bind def
+/slj {setlinejoin} bind def
+/slw {setlinewidth} bind def
+/srgb {setrgbcolor} bind def
+/rot {rotate} bind def
+/sc {scale} bind def
+/sd {setdash} bind def
+/ff {findfont} bind def
+/sf {setfont} bind def
+/scf {scalefont} bind def
+/sw {stringwidth} bind def
+/tr {translate} bind def
+/tnt {dup dup currentrgbcolor
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
+ bind def
+/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
+ 4 -2 roll mul srgb} bind def
+/reencdict 12 dict def /ReEncode { reencdict begin
+/newcodesandnames exch def /newfontname exch def /basefontname exch def
+/basefontdict basefontname findfont def /newfont basefontdict maxlength dict def
+basefontdict { exch dup /FID ne { dup /Encoding eq
+{ exch dup length array copy newfont 3 1 roll put }
+{ exch newfont 3 1 roll put } ifelse } { pop pop } ifelse } forall
+newfont /FontName newfontname put newcodesandnames aload pop
+128 1 255 { newfont /Encoding get exch /.notdef put } for
+newcodesandnames length 2 idiv { newfont /Encoding get 3 1 roll put } repeat
+newfontname newfont definefont pop end } def
+/isovec [
+8#055 /minus 8#200 /grave 8#201 /acute 8#202 /circumflex 8#203 /tilde
+8#204 /macron 8#205 /breve 8#206 /dotaccent 8#207 /dieresis
+8#210 /ring 8#211 /cedilla 8#212 /hungarumlaut 8#213 /ogonek 8#214 /caron
+8#220 /dotlessi 8#230 /oe 8#231 /OE
+8#240 /space 8#241 /exclamdown 8#242 /cent 8#243 /sterling
+8#244 /currency 8#245 /yen 8#246 /brokenbar 8#247 /section 8#250 /dieresis
+8#251 /copyright 8#252 /ordfeminine 8#253 /guillemotleft 8#254 /logicalnot
+8#255 /hyphen 8#256 /registered 8#257 /macron 8#260 /degree 8#261 /plusminus
+8#262 /twosuperior 8#263 /threesuperior 8#264 /acute 8#265 /mu 8#266 /paragraph
+8#267 /periodcentered 8#270 /cedilla 8#271 /onesuperior 8#272 /ordmasculine
+8#273 /guillemotright 8#274 /onequarter 8#275 /onehalf
+8#276 /threequarters 8#277 /questiondown 8#300 /Agrave 8#301 /Aacute
+8#302 /Acircumflex 8#303 /Atilde 8#304 /Adieresis 8#305 /Aring
+8#306 /AE 8#307 /Ccedilla 8#310 /Egrave 8#311 /Eacute
+8#312 /Ecircumflex 8#313 /Edieresis 8#314 /Igrave 8#315 /Iacute
+8#316 /Icircumflex 8#317 /Idieresis 8#320 /Eth 8#321 /Ntilde 8#322 /Ograve
+8#323 /Oacute 8#324 /Ocircumflex 8#325 /Otilde 8#326 /Odieresis 8#327 /multiply
+8#330 /Oslash 8#331 /Ugrave 8#332 /Uacute 8#333 /Ucircumflex
+8#334 /Udieresis 8#335 /Yacute 8#336 /Thorn 8#337 /germandbls 8#340 /agrave
+8#341 /aacute 8#342 /acircumflex 8#343 /atilde 8#344 /adieresis 8#345 /aring
+8#346 /ae 8#347 /ccedilla 8#350 /egrave 8#351 /eacute
+8#352 /ecircumflex 8#353 /edieresis 8#354 /igrave 8#355 /iacute
+8#356 /icircumflex 8#357 /idieresis 8#360 /eth 8#361 /ntilde 8#362 /ograve
+8#363 /oacute 8#364 /ocircumflex 8#365 /otilde 8#366 /odieresis 8#367 /divide
+8#370 /oslash 8#371 /ugrave 8#372 /uacute 8#373 /ucircumflex
+8#374 /udieresis 8#375 /yacute 8#376 /thorn 8#377 /ydieresis] def
+/Helvetica-Bold /Helvetica-Bold-iso isovec ReEncode
+/Helvetica /Helvetica-iso isovec ReEncode
+/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
+/$F2psEnd {$F2psEnteredState restore end} def
+
+/pageheader {
+save
+newpath 0 458 moveto 0 0 lineto 823 0 lineto 823 458 lineto closepath clip newpath
+-8.3 472.6 translate
+1 -1 scale
+$F2psBegin
+10 setmiterlimit
+0 slj 0 slc
+ 0.06299 0.06299 sc
+} bind def
+/pagefooter {
+$F2psEnd
+restore
+} bind def
+%%EndProlog
+pageheader
+%
+% Fig objects follow
+%
+%
+% here starts figure with depth 60
+% Polyline
+0 slj
+0 slc
+15.000 slw
+n 9393 2072 m 9318 2072 9318 5664 75 arcto 4 {pop} repeat
+ 9318 5739 13062 5739 75 arcto 4 {pop} repeat
+ 13137 5739 13137 2147 75 arcto 4 {pop} repeat
+ 13137 2072 9393 2072 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 10849 5901 m 10774 5901 10774 6285 75 arcto 4 {pop} repeat
+ 10774 6360 11616 6360 75 arcto 4 {pop} repeat
+ 11691 6360 11691 5976 75 arcto 4 {pop} repeat
+ 11691 5901 10849 5901 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 228 2072 m 153 2072 153 5664 75 arcto 4 {pop} repeat
+ 153 5739 3897 5739 75 arcto 4 {pop} repeat
+ 3972 5739 3972 2147 75 arcto 4 {pop} repeat
+ 3972 2072 228 2072 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 4810 2072 m 4735 2072 4735 5664 75 arcto 4 {pop} repeat
+ 4735 5739 8479 5739 75 arcto 4 {pop} repeat
+ 8554 5739 8554 2147 75 arcto 4 {pop} repeat
+ 8554 2072 4810 2072 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 6643 423 m 6568 423 6568 1264 75 arcto 4 {pop} repeat
+ 6568 1339 8479 1339 75 arcto 4 {pop} repeat
+ 8554 1339 8554 498 75 arcto 4 {pop} repeat
+ 8554 423 6643 423 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 10768 6991 m 10693 6991 10693 7405 75 arcto 4 {pop} repeat
+ 10693 7480 11656 7480 75 arcto 4 {pop} repeat
+ 11731 7480 11731 7066 75 arcto 4 {pop} repeat
+ 11731 6991 10768 6991 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% here ends figure;
+%
+% here starts figure with depth 50
+% Polyline
+0 slj
+0 slc
+7.500 slw
+n 9546 3936 m 9471 3936 9471 4319 75 arcto 4 {pop} repeat
+ 9471 4394 10465 4394 75 arcto 4 {pop} repeat
+ 10540 4394 10540 4011 75 arcto 4 {pop} repeat
+ 10540 3936 9546 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 9546 5158 m 9471 5158 9471 5541 75 arcto 4 {pop} repeat
+ 9471 5616 10312 5616 75 arcto 4 {pop} repeat
+ 10387 5616 10387 5233 75 arcto 4 {pop} repeat
+ 10387 5158 9546 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 9546 4547 m 9471 4547 9471 4930 75 arcto 4 {pop} repeat
+ 9471 5005 12909 5005 75 arcto 4 {pop} repeat
+ 12984 5005 12984 4622 75 arcto 4 {pop} repeat
+ 12984 4547 9546 4547 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 12142 5158 m 12067 5158 12067 5541 75 arcto 4 {pop} repeat
+ 12067 5616 12909 5616 75 arcto 4 {pop} repeat
+ 12984 5616 12984 5233 75 arcto 4 {pop} repeat
+ 12984 5158 12142 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 10859 5168 m 10784 5168 10784 5552 75 arcto 4 {pop} repeat
+ 10784 5627 11626 5627 75 arcto 4 {pop} repeat
+ 11701 5627 11701 5243 75 arcto 4 {pop} repeat
+ 11701 5168 10859 5168 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 10768 3936 m 10693 3936 10693 4319 75 arcto 4 {pop} repeat
+ 10693 4394 11687 4394 75 arcto 4 {pop} repeat
+ 11762 4394 11762 4011 75 arcto 4 {pop} repeat
+ 11762 3936 10768 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 11990 3936 m 11915 3936 11915 4319 75 arcto 4 {pop} repeat
+ 11915 4394 12909 4394 75 arcto 4 {pop} repeat
+ 12984 4394 12984 4011 75 arcto 4 {pop} repeat
+ 12984 3936 11990 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+ [15 45] 45 sd
+n 9318 3753 m
+ 13137 3753 l gs col0 s gr [] 0 sd
+% Polyline
+15.000 slw
+n 11755 5739 m 11770 5739 l gs col0 s gr
+% Polyline
+ [90] 0 sd
+n 10693 5739 m 10693 6502 l 11762 6502 l
+ 11762 5739 l gs col0 s gr [] 0 sd
+% Polyline
+7.500 slw
+n 381 3936 m 306 3936 306 4319 75 arcto 4 {pop} repeat
+ 306 4394 1300 4394 75 arcto 4 {pop} repeat
+ 1375 4394 1375 4011 75 arcto 4 {pop} repeat
+ 1375 3936 381 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 381 5158 m 306 5158 306 5541 75 arcto 4 {pop} repeat
+ 306 5616 1147 5616 75 arcto 4 {pop} repeat
+ 1222 5616 1222 5233 75 arcto 4 {pop} repeat
+ 1222 5158 381 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 381 4547 m 306 4547 306 4930 75 arcto 4 {pop} repeat
+ 306 5005 3744 5005 75 arcto 4 {pop} repeat
+ 3819 5005 3819 4622 75 arcto 4 {pop} repeat
+ 3819 4547 381 4547 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 2977 5158 m 2902 5158 2902 5541 75 arcto 4 {pop} repeat
+ 2902 5616 3744 5616 75 arcto 4 {pop} repeat
+ 3819 5616 3819 5233 75 arcto 4 {pop} repeat
+ 3819 5158 2977 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 1694 5168 m 1619 5168 1619 5552 75 arcto 4 {pop} repeat
+ 1619 5627 2461 5627 75 arcto 4 {pop} repeat
+ 2536 5627 2536 5243 75 arcto 4 {pop} repeat
+ 2536 5168 1694 5168 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 2214 3753 m 2139 3753 2139 4136 75 arcto 4 {pop} repeat
+ 2139 4211 3133 4211 75 arcto 4 {pop} repeat
+ 3208 4211 3208 3828 75 arcto 4 {pop} repeat
+ 3208 3753 2214 3753 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+15.000 slw
+n 2590 5739 m 2605 5739 l gs col0 s gr
+% Polyline
+7.500 slw
+gs clippath
+1498 4113 m 1386 4132 l 1393 4172 l 1504 4153 l 1504 4153 l 1421 4147 l 1498 4113 l cp
+eoclip
+n 2139 4028 m
+ 1405 4150 l gs col0 s gr gr
+
+% arrowhead
+n 1498 4113 m 1421 4147 l 1504 4153 l 1498 4113 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+ [15 45] 45 sd
+n 153 3753 m 1833 3753 l 1833 4364 l
+ 3972 4364 l gs col0 s gr [] 0 sd
+% Polyline
+n 4963 4058 m 4888 4058 4888 5358 75 arcto 4 {pop} repeat
+ 4888 5433 5271 5433 75 arcto 4 {pop} repeat
+ 5346 5433 5346 4133 75 arcto 4 {pop} repeat
+ 5346 4058 4963 4058 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 4963 2378 m 4888 2378 4888 3678 75 arcto 4 {pop} repeat
+ 4888 3753 5271 3753 75 arcto 4 {pop} repeat
+ 5346 3753 5346 2453 75 arcto 4 {pop} repeat
+ 5346 2378 4963 2378 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 6032 3447 m 5957 3447 5957 4136 75 arcto 4 {pop} repeat
+ 5957 4211 7104 4211 75 arcto 4 {pop} repeat
+ 7179 4211 7179 3522 75 arcto 4 {pop} repeat
+ 7179 3447 6032 3447 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 7191 4883 m 7199 4883 l gs col0 s gr
+% Polyline
+n 7191 4883 m 7199 4883 l gs col0 s gr
+% Polyline
+n 6796 4517 m 6721 4517 6721 4900 75 arcto 4 {pop} repeat
+ 6721 4975 7257 4975 75 arcto 4 {pop} repeat
+ 7332 4975 7332 4592 75 arcto 4 {pop} repeat
+ 7332 4517 6796 4517 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+gs clippath
+6934 4479 m 7028 4542 l 7050 4508 l 6957 4445 l 6957 4445 l 7014 4508 l 6934 4479 l cp
+6660 4248 m 6566 4185 l 6544 4219 l 6637 4282 l 6637 4282 l 6581 4220 l 6660 4248 l cp
+eoclip
+n 6568 4211 m
+ 7027 4517 l gs col0 s gr gr
+
+% arrowhead
+n 6660 4248 m 6581 4220 l 6637 4282 l 6660 4248 l cp gs 0.00 setgray ef gr col0 s
+% arrowhead
+n 6934 4479 m 7014 4508 l 6957 4445 l 6934 4479 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+gs clippath
+6179 4445 m 6086 4508 l 6108 4542 l 6202 4479 l 6202 4479 l 6123 4508 l 6179 4445 l cp
+6498 4282 m 6591 4219 l 6569 4185 l 6475 4248 l 6475 4248 l 6555 4220 l 6498 4282 l cp
+eoclip
+n 6568 4211 m
+ 6110 4517 l gs col0 s gr gr
+
+% arrowhead
+n 6498 4282 m 6555 4220 l 6475 4248 l 6498 4282 l cp gs 0.00 setgray ef gr col0 s
+% arrowhead
+n 6179 4445 m 6123 4508 l 6202 4479 l 6179 4445 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+n 5880 4517 m 5805 4517 5805 4900 75 arcto 4 {pop} repeat
+ 5805 4975 6341 4975 75 arcto 4 {pop} repeat
+ 6416 4975 6416 4592 75 arcto 4 {pop} repeat
+ 6416 4517 5880 4517 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 7713 3600 m 7638 3600 7638 3983 75 arcto 4 {pop} repeat
+ 7638 4058 8326 4058 75 arcto 4 {pop} repeat
+ 8401 4058 8401 3675 75 arcto 4 {pop} repeat
+ 8401 3600 7713 3600 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 7634 3814 m 7642 3814 l gs col0 s gr
+% Polyline
+n 9546 2225 m 9471 2225 9471 3525 75 arcto 4 {pop} repeat
+ 9471 3600 9854 3600 75 arcto 4 {pop} repeat
+ 9929 3600 9929 2300 75 arcto 4 {pop} repeat
+ 9929 2225 9546 2225 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+ [60] 0 sd
+gs clippath
+11083 351 m 11196 351 l 11196 310 l 11083 310 l 11083 310 l 11165 331 l 11083 351 l cp
+eoclip
+n 10632 331 m
+ 11181 331 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+n 11083 351 m 11165 331 l 11083 310 l 11083 351 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+15.000 slw
+gs clippath
+10986 677 m 11196 677 l 11196 596 l 10986 596 l 10986 596 l 11149 637 l 10986 677 l cp
+eoclip
+n 10632 637 m
+ 11181 637 l gs col1 s gr gr
+
+% arrowhead
+n 10986 677 m 11149 637 l 10986 596 l 10986 677 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+7.500 slw
+gs clippath
+11083 962 m 11196 962 l 11196 921 l 11083 921 l 11083 921 l 11165 942 l 11083 962 l cp
+eoclip
+n 10632 942 m
+ 11181 942 l gs col0 s gr gr
+
+% arrowhead
+n 11083 962 m 11165 942 l 11083 921 l 11083 962 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+n 6919 6197 m 6904 6197 6904 7170 15 arcto 4 {pop} repeat
+ 6904 7185 8457 7185 15 arcto 4 {pop} repeat
+ 8472 7185 8472 6212 15 arcto 4 {pop} repeat
+ 8472 6197 6919 6197 15 arcto 4 {pop} repeat
+ cp gs col7 1.00 shd ef gr gs col-1 s gr
+% Polyline
+gs clippath
+5873 3698 m 5953 3778 l 5982 3749 l 5902 3669 l 5902 3669 l 5946 3742 l 5873 3698 l cp
+eoclip
+n 5346 3142 m
+ 5957 3753 l gs col0 s gr gr
+
+% arrowhead
+n 5873 3698 m 5946 3742 l 5902 3669 l 5873 3698 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+gs clippath
+5912 3994 m 5982 3906 l 5950 3880 l 5880 3968 l 5880 3968 l 5947 3918 l 5912 3994 l cp
+eoclip
+n 5346 4669 m
+ 5957 3905 l gs col0 s gr gr
+
+% arrowhead
+n 5912 3994 m 5947 3918 l 5880 3968 l 5912 3994 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+gs clippath
+7540 3834 m 7653 3834 l 7653 3793 l 7540 3793 l 7540 3793 l 7622 3814 l 7540 3834 l cp
+7276 3793 m 7164 3793 l 7164 3834 l 7276 3834 l 7276 3834 l 7195 3814 l 7276 3793 l cp
+eoclip
+n 7179 3814 m
+ 7638 3814 l gs col0 s gr gr
+
+% arrowhead
+n 7276 3793 m 7195 3814 l 7276 3834 l 7276 3793 l cp gs 0.00 setgray ef gr col0 s
+% arrowhead
+n 7540 3834 m 7622 3814 l 7540 3793 l 7540 3834 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+2 slj
+15.000 slw
+gs clippath
+7694 1441 m 7524 1318 l 7476 1384 l 7646 1507 l 7646 1507 l 7539 1379 l 7694 1441 l cp
+eoclip
+n 8022 3600 m 8022 3599 l 8023 3597 l 8024 3592 l 8026 3585 l 8028 3575 l
+ 8031 3562 l 8035 3545 l 8039 3525 l 8045 3501 l 8051 3474 l
+ 8057 3444 l 8064 3410 l 8072 3374 l 8079 3336 l 8087 3295 l
+ 8095 3252 l 8102 3208 l 8109 3163 l 8116 3117 l 8123 3069 l
+ 8129 3021 l 8134 2972 l 8139 2921 l 8143 2870 l 8145 2818 l
+ 8147 2765 l 8148 2710 l 8147 2654 l 8145 2596 l 8142 2537 l
+ 8136 2476 l 8129 2414 l 8120 2351 l 8109 2288 l 8096 2225 l
+ 8079 2156 l 8060 2091 l 8039 2029 l 8017 1971 l 7995 1917 l
+ 7971 1868 l 7948 1822 l 7923 1780 l 7899 1740 l 7874 1704 l
+ 7848 1670 l 7823 1638 l 7797 1608 l 7772 1580 l 7746 1553 l
+ 7720 1528 l 7695 1505 l 7671 1483 l 7647 1463 l 7625 1445 l
+ 7605 1428 l 7586 1413 l 7569 1400 l 7554 1389 l 7542 1380 l
+ 7532 1373 l 7524 1368 l
+ 7513 1360 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 7694 1441 m 7539 1379 l 7646 1507 l 7694 1441 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+gs clippath
+9472 3096 m 9513 2890 l 9433 2874 l 9393 3080 l 9393 3080 l 9465 2929 l 9472 3096 l cp
+eoclip
+n 7332 4730 m 7333 4730 l 7335 4731 l 7339 4732 l 7346 4733 l 7355 4735 l
+ 7367 4738 l 7382 4741 l 7401 4745 l 7423 4750 l 7449 4754 l
+ 7477 4760 l 7509 4765 l 7543 4771 l 7580 4776 l 7619 4782 l
+ 7660 4787 l 7702 4791 l 7746 4795 l 7791 4798 l 7837 4800 l
+ 7884 4801 l 7931 4800 l 7979 4798 l 8028 4794 l 8078 4789 l
+ 8128 4781 l 8179 4771 l 8231 4758 l 8284 4742 l 8338 4724 l
+ 8393 4702 l 8449 4676 l 8506 4646 l 8564 4612 l 8622 4575 l
+ 8680 4532 l 8737 4486 l 8790 4439 l 8840 4389 l 8888 4337 l
+ 8932 4284 l 8975 4231 l 9014 4176 l 9050 4122 l 9084 4068 l
+ 9116 4013 l 9145 3959 l 9172 3904 l 9198 3850 l 9221 3796 l
+ 9244 3741 l 9264 3687 l 9284 3633 l 9302 3579 l 9319 3526 l
+ 9335 3473 l 9350 3420 l 9365 3369 l 9378 3319 l 9390 3270 l
+ 9402 3223 l 9412 3178 l 9422 3136 l 9431 3097 l 9438 3061 l
+ 9445 3028 l 9451 3000 l 9456 2975 l 9460 2953 l 9464 2936 l
+ 9466 2922 l 9468 2912 l
+ 9471 2897 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 9472 3096 m 9465 2929 l 9393 3080 l col1 s
+% Polyline
+2 slj
+gs clippath
+4726 4612 m 4867 4768 l 4928 4713 l 4786 4558 l 4786 4558 l 4866 4706 l 4726 4612 l cp
+eoclip
+n 3238 3997 m 3239 3997 l 3242 3997 l 3247 3998 l 3255 3999 l 3266 4000 l
+ 3281 4002 l 3300 4004 l 3322 4007 l 3347 4011 l 3375 4015 l
+ 3406 4019 l 3439 4024 l 3474 4029 l 3511 4035 l 3549 4042 l
+ 3589 4049 l 3629 4057 l 3671 4066 l 3713 4075 l 3757 4086 l
+ 3802 4097 l 3848 4110 l 3896 4124 l 3946 4139 l 3997 4156 l
+ 4051 4175 l 4105 4196 l 4161 4218 l 4216 4242 l 4274 4269 l
+ 4329 4296 l 4381 4323 l 4428 4349 l 4472 4375 l 4513 4401 l
+ 4550 4426 l 4585 4450 l 4617 4473 l 4647 4497 l 4675 4520 l
+ 4701 4542 l 4726 4564 l 4749 4585 l 4770 4606 l 4790 4626 l
+ 4809 4644 l 4825 4661 l 4840 4677 l 4853 4691 l 4863 4702 l
+ 4872 4712 l 4878 4719 l
+ 4888 4730 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 4726 4612 m 4866 4706 l 4786 4558 l 4726 4612 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+gs clippath
+11276 6815 m 11140 6976 l 11202 7028 l 11338 6868 l 11338 6868 l 11202 6966 l 11276 6815 l cp
+eoclip
+n 11243 6502 m 11244 6504 l 11247 6510 l 11252 6518 l 11259 6530 l 11267 6546 l
+ 11276 6563 l 11284 6583 l 11291 6604 l 11298 6627 l 11303 6652 l
+ 11306 6681 l 11307 6713 l 11304 6747 l 11299 6777 l 11292 6805 l
+ 11283 6831 l 11273 6854 l 11263 6876 l 11252 6895 l 11241 6913 l
+ 11229 6930 l 11218 6946 l 11207 6959 l 11198 6971 l
+ 11181 6991 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 11276 6815 m 11202 6966 l 11338 6868 l 11276 6815 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+7.500 slw
+ [60] 0 sd
+gs clippath
+8590 6891 m 8487 6844 l 8470 6881 l 8573 6928 l 8573 6928 l 8508 6876 l 8590 6891 l cp
+eoclip
+n 10693 7235 m 10692 7235 l 10690 7235 l 10685 7235 l 10679 7236 l 10669 7236 l
+ 10656 7236 l 10640 7237 l 10621 7238 l 10598 7238 l 10572 7239 l
+ 10544 7240 l 10512 7241 l 10478 7241 l 10442 7242 l 10404 7242 l
+ 10365 7243 l 10324 7243 l 10281 7242 l 10238 7242 l 10194 7241 l
+ 10148 7240 l 10101 7238 l 10052 7236 l 10003 7233 l 9951 7230 l
+ 9898 7226 l 9842 7221 l 9785 7216 l 9725 7209 l 9664 7202 l
+ 9600 7194 l 9536 7184 l 9471 7174 l 9403 7162 l 9337 7150 l
+ 9274 7137 l 9215 7124 l 9159 7110 l 9106 7097 l 9056 7084 l
+ 9010 7071 l 8966 7058 l 8925 7045 l 8885 7032 l 8848 7019 l
+ 8812 7006 l 8778 6993 l 8746 6981 l 8715 6968 l 8685 6956 l
+ 8657 6944 l 8631 6933 l 8607 6922 l 8585 6912 l 8565 6903 l
+ 8548 6895 l 8533 6888 l 8521 6883 l 8511 6878 l 8504 6874 l
+
+ 8493 6869 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 8590 6891 m 8508 6876 l 8573 6928 l 8590 6891 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+8591 6548 m 8479 6541 l 8476 6582 l 8589 6589 l 8589 6589 l 8509 6564 l 8591 6548 l cp
+eoclip
+n 9898 5647 m 9898 5648 l 9898 5651 l 9898 5655 l 9897 5662 l 9897 5672 l
+ 9896 5685 l 9895 5701 l 9893 5720 l 9891 5742 l 9888 5766 l
+ 9885 5793 l 9881 5821 l 9876 5851 l 9870 5882 l 9863 5913 l
+ 9854 5946 l 9845 5978 l 9833 6011 l 9820 6044 l 9805 6077 l
+ 9788 6111 l 9768 6145 l 9746 6179 l 9719 6213 l 9690 6247 l
+ 9656 6281 l 9619 6315 l 9577 6348 l 9532 6380 l 9487 6407 l
+ 9440 6432 l 9393 6455 l 9346 6475 l 9299 6492 l 9252 6507 l
+ 9206 6520 l 9161 6530 l 9116 6540 l 9072 6547 l 9028 6553 l
+ 8984 6558 l 8941 6562 l 8899 6565 l 8857 6567 l 8816 6569 l
+ 8776 6570 l 8737 6570 l 8700 6570 l 8666 6569 l 8633 6569 l
+ 8604 6568 l 8578 6567 l 8556 6566 l 8537 6565 l 8522 6565 l
+ 8510 6564 l
+ 8493 6563 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 8591 6548 m 8509 6564 l 8589 6589 l 8591 6548 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+8591 6735 m 8479 6725 l 8476 6765 l 8588 6775 l 8588 6775 l 8509 6748 l 8591 6735 l cp
+eoclip
+n 12465 5647 m 12465 5648 l 12466 5649 l 12466 5651 l 12468 5655 l 12470 5661 l
+ 12472 5668 l 12475 5678 l 12478 5689 l 12482 5703 l 12486 5719 l
+ 12491 5737 l 12495 5757 l 12500 5779 l 12504 5803 l 12508 5828 l
+ 12512 5855 l 12514 5882 l 12516 5911 l 12517 5941 l 12516 5971 l
+ 12514 6002 l 12510 6033 l 12504 6065 l 12496 6096 l 12486 6128 l
+ 12473 6160 l 12457 6192 l 12437 6224 l 12414 6256 l 12388 6287 l
+ 12356 6319 l 12321 6351 l 12280 6383 l 12234 6414 l 12181 6446 l
+ 12123 6477 l 12058 6508 l 11986 6539 l 11908 6568 l 11823 6597 l
+ 11731 6624 l 11659 6643 l 11584 6661 l 11507 6678 l 11428 6693 l
+ 11349 6707 l 11269 6721 l 11189 6732 l 11108 6743 l 11027 6753 l
+ 10947 6762 l 10866 6769 l 10786 6776 l 10706 6782 l 10626 6787 l
+ 10547 6791 l 10468 6795 l 10388 6798 l 10310 6800 l 10231 6801 l
+ 10152 6803 l 10074 6803 l 9996 6803 l 9918 6803 l 9841 6802 l
+ 9764 6801 l 9688 6800 l 9612 6798 l 9537 6796 l 9463 6794 l
+ 9391 6792 l 9320 6789 l 9250 6787 l 9182 6784 l 9117 6781 l
+ 9053 6778 l 8993 6775 l 8935 6772 l 8880 6769 l 8829 6767 l
+ 8781 6764 l 8737 6762 l 8697 6759 l 8661 6757 l 8628 6755 l
+ 8600 6754 l 8575 6752 l 8554 6751 l 8537 6750 l 8523 6749 l
+ 8512 6748 l 8504 6748 l
+ 8493 6747 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 8591 6735 m 8509 6748 l 8588 6775 l 8591 6735 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+6745 6644 m 6858 6644 l 6858 6603 l 6745 6603 l 6745 6603 l 6827 6624 l 6745 6644 l cp
+eoclip
+n 2077 5647 m 2077 5648 l 2077 5650 l 2076 5653 l 2076 5657 l 2075 5663 l
+ 2075 5670 l 2074 5679 l 2074 5690 l 2074 5702 l 2074 5716 l
+ 2074 5732 l 2075 5750 l 2076 5768 l 2078 5788 l 2081 5810 l
+ 2084 5832 l 2089 5855 l 2095 5880 l 2103 5904 l 2111 5929 l
+ 2122 5955 l 2134 5981 l 2149 6007 l 2166 6034 l 2185 6060 l
+ 2207 6087 l 2232 6113 l 2260 6140 l 2291 6166 l 2327 6193 l
+ 2367 6219 l 2411 6246 l 2460 6273 l 2515 6299 l 2575 6326 l
+ 2641 6352 l 2714 6379 l 2793 6405 l 2879 6430 l 2972 6455 l
+ 3071 6479 l 3177 6502 l 3258 6518 l 3341 6533 l 3425 6547 l
+ 3511 6560 l 3598 6572 l 3685 6584 l 3772 6594 l 3860 6604 l
+ 3947 6612 l 4034 6620 l 4120 6627 l 4206 6634 l 4292 6640 l
+ 4377 6645 l 4462 6649 l 4546 6653 l 4630 6656 l 4714 6659 l
+ 4797 6661 l 4880 6663 l 4963 6664 l 5045 6665 l 5127 6666 l
+ 5208 6666 l 5289 6666 l 5370 6666 l 5450 6665 l 5530 6665 l
+ 5608 6663 l 5686 6662 l 5763 6661 l 5838 6659 l 5912 6657 l
+ 5985 6656 l 6056 6654 l 6124 6652 l 6191 6649 l 6255 6647 l
+ 6316 6645 l 6375 6643 l 6430 6641 l 6483 6639 l 6531 6637 l
+ 6576 6636 l 6618 6634 l 6655 6632 l 6689 6631 l 6719 6630 l
+ 6746 6628 l 6768 6627 l 6787 6627 l 6803 6626 l 6816 6625 l
+ 6825 6625 l 6833 6624 l
+ 6843 6624 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 6745 6644 m 6827 6624 l 6745 6603 l 6745 6644 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+6748 6778 m 6860 6765 l 6855 6725 l 6743 6737 l 6743 6737 l 6827 6749 l 6748 6778 l cp
+eoclip
+n 733 5647 m 733 5649 l 734 5651 l 735 5654 l 736 5659 l 737 5665 l
+ 740 5674 l 743 5684 l 746 5696 l 750 5711 l 756 5727 l
+ 762 5746 l 769 5766 l 777 5788 l 786 5813 l 797 5838 l
+ 808 5866 l 821 5894 l 836 5924 l 852 5955 l 869 5987 l
+ 888 6019 l 909 6052 l 931 6085 l 956 6119 l 983 6152 l
+ 1012 6186 l 1043 6220 l 1077 6254 l 1114 6287 l 1154 6321 l
+ 1197 6354 l 1244 6387 l 1295 6420 l 1349 6453 l 1409 6486 l
+ 1473 6518 l 1543 6550 l 1618 6582 l 1699 6613 l 1786 6644 l
+ 1880 6674 l 1980 6703 l 2087 6731 l 2200 6758 l 2319 6784 l
+ 2444 6808 l 2538 6824 l 2633 6839 l 2730 6853 l 2828 6865 l
+ 2927 6877 l 3025 6887 l 3124 6896 l 3222 6905 l 3320 6912 l
+ 3418 6918 l 3515 6923 l 3611 6927 l 3707 6931 l 3801 6934 l
+ 3896 6935 l 3989 6937 l 4082 6937 l 4174 6937 l 4266 6936 l
+ 4357 6934 l 4447 6933 l 4537 6930 l 4627 6927 l 4716 6924 l
+ 4805 6920 l 4893 6915 l 4980 6911 l 5067 6906 l 5153 6901 l
+ 5239 6895 l 5324 6889 l 5408 6883 l 5491 6877 l 5573 6870 l
+ 5654 6864 l 5733 6857 l 5811 6851 l 5888 6844 l 5962 6837 l
+ 6034 6830 l 6104 6824 l 6171 6817 l 6236 6811 l 6298 6805 l
+ 6357 6799 l 6413 6793 l 6465 6788 l 6514 6783 l 6560 6778 l
+ 6602 6774 l 6640 6770 l 6674 6766 l 6705 6762 l 6732 6759 l
+ 6756 6757 l 6776 6755 l 6794 6753 l 6808 6751 l 6819 6750 l
+ 6828 6749 l 6834 6748 l
+ 6843 6747 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 6748 6778 m 6827 6749 l 6743 6737 l 6748 6778 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+6745 6522 m 6858 6522 l 6858 6481 l 6745 6481 l 6745 6481 l 6827 6502 l 6745 6522 l cp
+eoclip
+n 3361 5647 m 3361 5648 l 3361 5650 l 3360 5653 l 3360 5657 l 3359 5663 l
+ 3359 5670 l 3358 5678 l 3358 5689 l 3357 5700 l 3357 5714 l
+ 3358 5728 l 3359 5744 l 3360 5762 l 3363 5780 l 3366 5799 l
+ 3370 5819 l 3375 5840 l 3382 5861 l 3390 5882 l 3400 5904 l
+ 3412 5926 l 3425 5949 l 3441 5971 l 3460 5994 l 3481 6017 l
+ 3506 6040 l 3533 6063 l 3565 6086 l 3600 6109 l 3640 6133 l
+ 3685 6156 l 3735 6180 l 3790 6204 l 3851 6227 l 3918 6251 l
+ 3991 6274 l 4070 6297 l 4155 6319 l 4226 6336 l 4299 6352 l
+ 4374 6366 l 4450 6380 l 4526 6393 l 4603 6405 l 4680 6416 l
+ 4756 6426 l 4832 6436 l 4908 6444 l 4983 6452 l 5058 6459 l
+ 5133 6465 l 5207 6470 l 5280 6475 l 5353 6480 l 5426 6484 l
+ 5499 6488 l 5571 6491 l 5643 6493 l 5714 6496 l 5785 6498 l
+ 5855 6499 l 5925 6501 l 5993 6502 l 6061 6503 l 6127 6504 l
+ 6192 6504 l 6255 6505 l 6315 6505 l 6374 6505 l 6430 6505 l
+ 6482 6505 l 6532 6505 l 6578 6505 l 6621 6504 l 6660 6504 l
+ 6695 6504 l 6725 6503 l 6752 6503 l 6775 6503 l 6794 6503 l
+ 6809 6502 l 6821 6502 l 6830 6502 l
+ 6843 6502 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 6745 6522 m 6827 6502 l 6745 6481 l 6745 6522 l cp gs col1 1.00 shd ef gr col1 s
+/Helvetica-iso ff 165.00 scf sf
+9623 4242 m
+gs 1 -1 sc (OpenPGP) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+9776 4853 m
+gs 1 -1 sc (APDU and ISO-7816 access code) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+9623 5464 m
+gs 1 -1 sc (CCID) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+12220 5464 m
+gs 1 -1 sc (CT-API) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10957 5464 m
+gs 1 -1 sc (PC/SC) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10998 4242 m
+gs 1 -1 sc (NKS) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+12067 4242 m
+gs 1 -1 sc (PKCS#15) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+10540 2989 m
+gs 1 -1 sc (SCDaemon) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10896 6176 m
+gs 1 -1 sc (wrapper) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+458 4242 m
+gs 1 -1 sc (OpenPGP) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+611 4853 m
+gs 1 -1 sc (APDU and ISO-7816 access code) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+458 5464 m
+gs 1 -1 sc (CCID) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+3055 5464 m
+gs 1 -1 sc (CT-API) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+1792 5464 m
+gs 1 -1 sc (PC/SC) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+2291 4058 m
+gs 1 -1 sc (Gluecode) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+1375 2989 m
+gs 1 -1 sc (gpg 1.4) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+5194 5128 m
+gs 1 -1 sc 90.0 rot (Assuan) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+5194 3447 m
+gs 1 -1 sc 90.0 rot (ssh-agent) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+6110 3753 m
+gs 1 -1 sc (Private Key) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+6110 4058 m
+gs 1 -1 sc (Operations) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+6874 4822 m
+gs 1 -1 sc (Card) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+5957 4822 m
+gs 1 -1 sc (Disk) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+7790 3905 m
+gs 1 -1 sc (Cache) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+9776 3294 m
+gs 1 -1 sc 90.0 rot (Assuan) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+7027 881 m
+gs 1 -1 sc (pinentry) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+6874 1187 m
+gs 1 -1 sc (\(GTK+, Qt, Curses\)) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+11365 392 m
+gs 1 -1 sc (Alternative access paths) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+11365 698 m
+gs 1 -1 sc (IPC \(pipe or socket\)) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+11365 1003 m
+gs 1 -1 sc (Internal data flow) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+5957 2989 m
+gs 1 -1 sc (gpg-agent) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10998 7297 m
+gs 1 -1 sc (pcsd) col0 sh gr
+% Polyline
+n 7084 6526 m 7069 6526 7069 6731 15 arcto 4 {pop} repeat
+ 7069 6746 7292 6746 15 arcto 4 {pop} repeat
+ 7307 6746 7307 6541 15 arcto 4 {pop} repeat
+ 7307 6526 7084 6526 15 arcto 4 {pop} repeat
+ cp gs col31 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 7234 6691 m
+ 7307 6691 l gs col0 s gr
+% Polyline
+n 7069 6636 m
+ 7143 6636 l gs 0.00 setgray ef gr gs col0 s gr
+% Polyline
+n 7069 6581 m
+ 7143 6581 l gs col0 s gr
+% Polyline
+n 7069 6691 m
+ 7143 6691 l gs col0 s gr
+% Polyline
+n 7143 6526 m
+ 7143 6746 l gs col0 s gr
+% Polyline
+n 7307 6581 m 7234 6581 l
+ 7234 6746 l gs col0 s gr
+% Polyline
+n 7234 6636 m
+ 7307 6636 l gs col0 s gr
+% here ends figure;
+pagefooter
+showpage
+%%Trailer
+%EOF
diff --git a/doc/gnupg-card-architecture.fig b/doc/gnupg-card-architecture.fig
new file mode 100644
index 0000000..0efa362
--- /dev/null
+++ b/doc/gnupg-card-architecture.fig
@@ -0,0 +1,419 @@
+#FIG 3.2 Produced by xfig version 3.2.5-alpha5
+# Copyright 2005 Werner Koch
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+Landscape
+Center
+Metric
+A4
+100.00
+Single
+-2
+1200 2
+0 32 #414541
+0 33 #808080
+0 34 #c0c0c0
+0 35 #c6b797
+0 36 #eff8ff
+0 37 #dccba6
+0 38 #e0e0e0
+0 39 #8e8f8e
+0 40 #aaaaaa
+0 41 #555555
+0 42 #404040
+0 43 #868286
+0 44 #c7c3c7
+0 45 #e7e3e7
+0 46 #8e8e8e
+0 47 #444444
+0 48 #868686
+0 49 #c7c7c7
+0 50 #666666
+0 51 #e2e2ee
+0 52 #94949a
+0 53 #dbdbdb
+0 54 #a1a1b7
+0 55 #9c0000
+0 56 #ededed
+0 57 #86acff
+0 58 #7070ff
+0 59 #bebebe
+0 60 #515151
+0 61 #000049
+0 62 #797979
+0 63 #303430
+0 64 #c7b696
+0 65 #d7d7d7
+0 66 #aeaeae
+0 67 #85807d
+0 68 #d2d2d2
+0 69 #3a3a3a
+0 70 #4573aa
+0 71 #000000
+0 72 #e7e7e7
+0 73 #f7f7f7
+0 74 #d6d7d6
+0 75 #7b79a5
+0 76 #effbff
+0 77 #9e9e9e
+0 78 #717571
+0 79 #73758c
+0 80 #414141
+0 81 #635dce
+0 82 #565151
+0 83 #dd9d93
+0 84 #f1ece0
+0 85 #c3c3c3
+0 86 #e2c8a8
+0 87 #e1e1e1
+0 88 #da7a1a
+0 89 #f1e41a
+0 90 #887dc2
+0 91 #d6d6d6
+0 92 #8c8ca5
+0 93 #4a4a4a
+0 94 #8c6b6b
+0 95 #5a5a5a
+0 96 #636363
+0 97 #b79b73
+0 98 #4193ff
+0 99 #bf703b
+0 100 #db7700
+0 101 #dab800
+0 102 #006400
+0 103 #5a6b3b
+0 104 #d3d3d3
+0 105 #8e8ea4
+0 106 #f3b95d
+0 107 #89996b
+0 108 #646464
+0 109 #b7e6ff
+0 110 #86c0ec
+0 111 #bdbdbd
+0 112 #d39552
+0 113 #98d2fe
+0 114 #8c9c6b
+0 115 #f76b00
+0 116 #5a6b39
+0 117 #8c9c6b
+0 118 #8c9c7b
+0 119 #184a18
+0 120 #adadad
+0 121 #f7bd5a
+0 122 #636b9c
+0 123 #de0000
+0 124 #adadad
+0 125 #f7bd5a
+0 126 #adadad
+0 127 #f7bd5a
+0 128 #636b9c
+0 129 #526b29
+0 130 #949494
+0 131 #006300
+0 132 #00634a
+0 133 #7b844a
+0 134 #e7bd7b
+0 135 #a5b5c6
+0 136 #6b6b94
+0 137 #846b6b
+0 138 #529c4a
+0 139 #d6e7e7
+0 140 #526363
+0 141 #186b4a
+0 142 #9ca5b5
+0 143 #ff9400
+0 144 #ff9400
+0 145 #00634a
+0 146 #7b844a
+0 147 #63737b
+0 148 #e7bd7b
+0 149 #184a18
+0 150 #f7bd5a
+0 151 #dedede
+0 152 #f3eed3
+0 153 #f5ae5d
+0 154 #95ce99
+0 155 #b5157d
+0 156 #eeeeee
+0 157 #848484
+0 158 #7b7b7b
+0 159 #005a00
+0 160 #e77373
+0 161 #ffcb31
+0 162 #29794a
+0 163 #de2821
+0 164 #2159c6
+0 165 #f8f8f8
+0 166 #e6e6e6
+0 167 #21845a
+0 168 #ff9408
+0 169 #007000
+0 170 #d00000
+0 171 #fed600
+0 172 #d82010
+0 173 #003484
+0 174 #d62010
+0 175 #389000
+0 176 #ba0000
+0 177 #003380
+0 178 #00a7bd
+0 179 #ffc500
+0 180 #087bd0
+0 181 #fbc100
+0 182 #840029
+0 183 #07399c
+0 184 #0063bd
+0 185 #39acdf
+0 186 #42c0e0
+0 187 #31ceff
+0 188 #ffde00
+0 189 #085a00
+0 190 #ff2100
+0 191 #f75e08
+0 192 #ef7b08
+0 193 #ff8200
+0 194 #007d00
+0 195 #0000be
+0 196 #757575
+0 197 #f3f3f3
+0 198 #d7d3d7
+0 199 #aeaaae
+0 200 #c2c2c2
+0 201 #303030
+0 202 #515551
+0 203 #f7f3f7
+0 204 #717171
+6 9270 1980 13230 6570
+6 9471 3906 13014 5677
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 10540 4394 10540 3936 9471 3936 9471 4394 10540 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 10387 5616 10387 5158 9471 5158 9471 5616 10387 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 12984 5005 12984 4547 9471 4547 9471 5005 12984 5005
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 12984 5616 12984 5158 12067 5158 12067 5616 12984 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 11701 5627 11701 5168 10784 5168 10784 5627 11701 5627
+4 0 0 50 -1 16 11 0.0000 4 173 835 9623 4242 OpenPGP\001
+4 0 0 50 -1 16 11 0.0000 4 132 2770 9776 4853 APDU and ISO-7816 access code\001
+4 0 0 50 -1 16 11 0.0000 4 132 448 9623 5464 CCID\001
+4 0 0 50 -1 16 11 0.0000 4 132 601 12220 5464 CT-API\001
+4 0 0 50 -1 16 11 0.0000 4 132 560 10957 5464 PC/SC\001
+-6
+6 10693 3906 13014 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 11762 4394 11762 3936 10693 3936 10693 4394 11762 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 12984 4394 12984 3936 11915 3936 11915 4394 12984 4394
+4 0 0 50 -1 16 11 0.0000 4 132 377 10998 4242 NKS\001
+4 0 0 50 -1 16 11 0.0000 4 132 804 12067 4242 PKCS#15\001
+-6
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 13137 2072 9318 2072 9318 5739 13137 5739 13137 2072
+2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
+ 9318 3753 13137 3753
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 11691 6360 10774 6360 10774 5901 11691 5901 11691 6360
+2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
+ 11762 5739
+2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 4
+ 10693 5739 10693 6502 11762 6502 11762 5739
+4 0 0 50 -1 18 15 0.0000 4 183 1293 10540 2989 SCDaemon\001
+4 0 0 50 -1 16 11 0.0000 4 133 662 10896 6176 wrapper\001
+-6
+6 90 1980 4050 5760
+6 306 3906 3849 5677
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 1375 4394 1375 3936 306 3936 306 4394 1375 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 1222 5616 1222 5158 306 5158 306 5616 1222 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 3819 5005 3819 4547 306 4547 306 5005 3819 5005
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 3819 5616 3819 5158 2902 5158 2902 5616 3819 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 2536 5627 2536 5168 1619 5168 1619 5627 2536 5627
+4 0 0 50 -1 16 11 0.0000 4 173 835 458 4242 OpenPGP\001
+4 0 0 50 -1 16 11 0.0000 4 132 2770 611 4853 APDU and ISO-7816 access code\001
+4 0 0 50 -1 16 11 0.0000 4 132 448 458 5464 CCID\001
+4 0 0 50 -1 16 11 0.0000 4 132 601 3055 5464 CT-API\001
+4 0 0 50 -1 16 11 0.0000 4 132 560 1792 5464 PC/SC\001
+-6
+6 2139 3753 3208 4211
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 3208 4211 3208 3753 2139 3753 2139 4211 3208 4211
+4 0 0 50 -1 16 11 0.0000 4 132 784 2291 4058 Gluecode\001
+-6
+2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
+ 2597 5739
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 2139 4028 1405 4150
+2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 4
+ 153 3753 1833 3753 1833 4364 3972 4364
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 3972 2072 153 2072 153 5739 3972 5739 3972 2072
+4 0 0 50 -1 18 15 0.0000 4 224 866 1375 2989 gpg 1.4\001
+-6
+6 4888 4058 5346 5433
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 5346 5433 5346 4058 4888 4058 4888 5433 5346 5433
+4 0 0 50 -1 16 11 1.5708 4 132 611 5194 5128 Assuan\001
+-6
+6 4680 1980 8640 5760
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 5346 3753 5346 2378 4888 2378 4888 3753 5346 3753
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 8554 5739 4735 5739 4735 2072 8554 2072 8554 5739
+4 0 0 50 -1 16 11 1.5708 4 173 804 5194 3447 ssh-agent\001
+-6
+6 5805 3447 7332 4975
+6 5957 3447 7179 4211
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 7179 4211 7179 3447 5957 3447 5957 4211 7179 4211
+4 0 0 50 -1 16 11 0.0000 4 173 937 6110 3753 Private Key\001
+4 0 0 50 -1 16 11 0.0000 4 173 896 6110 4058 Operations\001
+-6
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
+ 7195 4883
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
+ 7195 4883
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 7332 4975 7332 4517 6721 4517 6721 4975 7332 4975
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
+ 1 1 1.00 40.73 81.47
+ 1 1 1.00 40.73 81.47
+ 6568 4211 7027 4517
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
+ 1 1 1.00 40.73 81.47
+ 1 1 1.00 40.73 81.47
+ 6568 4211 6110 4517
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 6416 4975 6416 4517 5805 4517 5805 4975 6416 4975
+4 0 0 50 -1 16 11 0.0000 4 132 397 6874 4822 Card\001
+4 0 0 50 -1 16 11 0.0000 4 132 356 5957 4822 Disk\001
+-6
+6 7638 3600 8401 4058
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 8401 4058 8401 3600 7638 3600 7638 4058 8401 4058
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
+ 7638 3814
+4 0 0 50 -1 16 11 0.0000 4 132 530 7790 3905 Cache\001
+-6
+6 9471 2225 9929 3600
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 9929 3600 9929 2225 9471 2225 9471 3600 9929 3600
+4 0 0 50 -1 16 11 1.5708 4 132 611 9776 3294 Assuan\001
+-6
+6 6480 360 8640 1440
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 8554 1339 6568 1339 6568 423 8554 423 8554 1339
+4 0 0 50 -1 18 15 0.0000 4 234 967 7027 881 pinentry\001
+4 0 0 50 -1 16 10 0.0000 4 153 1375 6874 1187 (GTK+, Qt, Curses)\001
+-6
+6 10570 270 13137 1003
+2 1 1 1 1 2 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 10632 331 11181 331
+2 1 0 2 1 2 50 -1 -1 6.000 0 0 -1 1 0 2
+ 1 1 2.00 81.47 162.94
+ 10632 637 11181 637
+2 1 0 1 0 2 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 10632 942 11181 942
+4 0 0 50 -1 16 10 0.0000 4 163 1762 11365 392 Alternative access paths\001
+4 0 0 50 -1 16 10 0.0000 4 163 1426 11365 698 IPC (pipe or socket)\001
+4 0 0 50 -1 16 10 0.0000 4 122 1232 11365 1003 Internal data flow\001
+-6
+# Smartcard ID-1
+6 6840 6120 8550 7200
+6 7069 6526 7307 6746
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7234 6691 7307 6691
+2 1 0 1 0 0 48 -1 20 0.000 0 0 -1 0 0 2
+ 7069 6636 7143 6636
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7069 6581 7143 6581
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7069 6691 7143 6691
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7143 6526 7143 6746
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 3
+ 7307 6581 7234 6581 7234 6746
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7234 6636 7307 6636
+2 4 0 1 0 31 49 -1 20 0.000 0 0 1 0 0 5
+ 7069 6526 7307 6526 7307 6746 7069 6746 7069 6526
+-6
+2 4 0 1 -1 7 50 -1 20 0.000 0 0 1 0 0 5
+ 8472 7185 6904 7185 6904 6197 8472 6197 8472 7185
+-6
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 5346 3142 5957 3753
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 5346 4669 5957 3905
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
+ 1 1 1.00 40.73 81.47
+ 1 1 1.00 40.73 81.47
+ 7179 3814 7638 3814
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 11731 7480 10693 7480 10693 6991 11731 6991 11731 7480
+3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
+ 1 1 2.00 81.47 162.94
+ 8022 3600 8096 2225 7513 1360
+ 0.000 -1.000 0.000
+3 2 0 2 1 2 50 -1 -1 0.000 0 1 0 3
+ 0 0 2.00 81.47 162.94
+ 7332 4730 8737 4486 9471 2897
+ 0.000 -1.000 0.000
+3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
+ 1 1 2.00 81.47 162.94
+ 3238 3997 4216 4242 4888 4730
+ 0.000 -1.000 0.000
+3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
+ 1 1 2.00 81.47 162.94
+ 11243 6502 11304 6747 11181 6991
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 10693 7235 9471 7174 8493 6869
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 9898 5647 9532 6380 8493 6563
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 12465 5647 11731 6624 8493 6747
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 2077 5647 3177 6502 6843 6624
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 733 5647 2444 6808 6843 6747
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 3361 5647 4155 6319 6843 6502
+ 0.000 -1.000 0.000
+4 0 0 50 -1 18 15 0.0000 4 214 1191 5957 2989 gpg-agent\001
+4 0 0 50 -1 16 11 0.0000 4 173 387 10998 7297 pcsd\001
diff --git a/doc/gnupg-card-architecture.pdf b/doc/gnupg-card-architecture.pdf
new file mode 100644
index 0000000..dac8c4c
--- /dev/null
+++ b/doc/gnupg-card-architecture.pdf
Binary files differ
diff --git a/doc/gnupg-card-architecture.png b/doc/gnupg-card-architecture.png
new file mode 100644
index 0000000..860bbb9
--- /dev/null
+++ b/doc/gnupg-card-architecture.png
Binary files differ
diff --git a/doc/gnupg-logo.eps b/doc/gnupg-logo.eps
new file mode 100644
index 0000000..d428f23
--- /dev/null
+++ b/doc/gnupg-logo.eps
@@ -0,0 +1,2704 @@
+%!PS-Adobe-3.0 EPSF-3.0
+%%Creator: (ImageMagick)
+%%Title: (gnupg-logo.eps)
+%%CreationDate: (Thu Mar 8 17:48:33 2007)
+%%BoundingBox: 0 0 118 38
+%%HiResBoundingBox: 0 0 118.11 38
+%%DocumentData: Clean7Bit
+%%LanguageLevel: 1
+%%Pages: 1
+%%EndComments
+
+%%BeginDefaults
+%%EndDefaults
+
+%%BeginProlog
+%
+% Display a color image. The image is displayed in color on
+% Postscript viewers or printers that support color, otherwise
+% it is displayed as grayscale.
+%
+/DirectClassPacket
+{
+ %
+ % Get a DirectClass packet.
+ %
+ % Parameters:
+ % red.
+ % green.
+ % blue.
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile color_packet readhexstring pop pop
+ compression 0 eq
+ {
+ /number_pixels 3 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add 3 mul def
+ } ifelse
+ 0 3 number_pixels 1 sub
+ {
+ pixels exch color_packet putinterval
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/DirectClassImage
+{
+ %
+ % Display a DirectClass image.
+ %
+ systemdict /colorimage known
+ {
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { DirectClassPacket } false 3 colorimage
+ }
+ {
+ %
+ % No colorimage operator; convert to grayscale.
+ %
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { GrayDirectClassPacket } image
+ } ifelse
+} bind def
+
+/GrayDirectClassPacket
+{
+ %
+ % Get a DirectClass packet; convert to grayscale.
+ %
+ % Parameters:
+ % red
+ % green
+ % blue
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile color_packet readhexstring pop pop
+ color_packet 0 get 0.299 mul
+ color_packet 1 get 0.587 mul add
+ color_packet 2 get 0.114 mul add
+ cvi
+ /gray_packet exch def
+ compression 0 eq
+ {
+ /number_pixels 1 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add def
+ } ifelse
+ 0 1 number_pixels 1 sub
+ {
+ pixels exch gray_packet put
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/GrayPseudoClassPacket
+{
+ %
+ % Get a PseudoClass packet; convert to grayscale.
+ %
+ % Parameters:
+ % index: index into the colormap.
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile byte readhexstring pop 0 get
+ /offset exch 3 mul def
+ /color_packet colormap offset 3 getinterval def
+ color_packet 0 get 0.299 mul
+ color_packet 1 get 0.587 mul add
+ color_packet 2 get 0.114 mul add
+ cvi
+ /gray_packet exch def
+ compression 0 eq
+ {
+ /number_pixels 1 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add def
+ } ifelse
+ 0 1 number_pixels 1 sub
+ {
+ pixels exch gray_packet put
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/PseudoClassPacket
+{
+ %
+ % Get a PseudoClass packet.
+ %
+ % Parameters:
+ % index: index into the colormap.
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile byte readhexstring pop 0 get
+ /offset exch 3 mul def
+ /color_packet colormap offset 3 getinterval def
+ compression 0 eq
+ {
+ /number_pixels 3 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add 3 mul def
+ } ifelse
+ 0 3 number_pixels 1 sub
+ {
+ pixels exch color_packet putinterval
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/PseudoClassImage
+{
+ %
+ % Display a PseudoClass image.
+ %
+ % Parameters:
+ % class: 0-PseudoClass or 1-Grayscale.
+ %
+ currentfile buffer readline pop
+ token pop /class exch def pop
+ class 0 gt
+ {
+ currentfile buffer readline pop
+ token pop /depth exch def pop
+ /grays columns 8 add depth sub depth mul 8 idiv string def
+ columns rows depth
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { currentfile grays readhexstring pop } image
+ }
+ {
+ %
+ % Parameters:
+ % colors: number of colors in the colormap.
+ % colormap: red, green, blue color packets.
+ %
+ currentfile buffer readline pop
+ token pop /colors exch def pop
+ /colors colors 3 mul def
+ /colormap colors string def
+ currentfile colormap readhexstring pop pop
+ systemdict /colorimage known
+ {
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { PseudoClassPacket } false 3 colorimage
+ }
+ {
+ %
+ % No colorimage operator; convert to grayscale.
+ %
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { GrayPseudoClassPacket } image
+ } ifelse
+ } ifelse
+} bind def
+
+/DisplayImage
+{
+ %
+ % Display a DirectClass or PseudoClass image.
+ %
+ % Parameters:
+ % x & y translation.
+ % x & y scale.
+ % label pointsize.
+ % image label.
+ % image columns & rows.
+ % class: 0-DirectClass or 1-PseudoClass.
+ % compression: 0-none or 1-RunlengthEncoded.
+ % hex color packets.
+ %
+ gsave
+ /buffer 512 string def
+ /byte 1 string def
+ /color_packet 3 string def
+ /pixels 768 string def
+
+ currentfile buffer readline pop
+ token pop /x exch def
+ token pop /y exch def pop
+ x y translate
+ currentfile buffer readline pop
+ token pop /x exch def
+ token pop /y exch def pop
+ currentfile buffer readline pop
+ token pop /pointsize exch def pop
+ /Times-Roman findfont pointsize scalefont setfont
+ x y scale
+ currentfile buffer readline pop
+ token pop /columns exch def
+ token pop /rows exch def pop
+ currentfile buffer readline pop
+ token pop /class exch def pop
+ currentfile buffer readline pop
+ token pop /compression exch def pop
+ class 0 gt { PseudoClassImage } { DirectClassImage } ifelse
+ grestore
+} bind def
+%%EndProlog
+%%Page: 1 1
+%%PageBoundingBox: 0 0 118 38
+userdict begin
+DisplayImage
+0 0
+118.11 38.189
+12.000000
+300 97
+0
+0
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFBFE3F675C3EC33A7E30795DE008EDB008CDB
+008DDB008FDC0092DD0093DD0093DD0093DD0093DD0091DC008FDC008DDB008CDB008EDB
+0996DE38AAE47AC5EDC3E5F7FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEBF7FC91CFF031A6E30090DC008CDB008FDC0092DD0093DD0093DD
+0093DD0092DD0091DC0090DC0090DC008FDC0090DC0091DC0091DD0092DD0093DD0093DD
+0092DD008FDC008CDB0091DC35A8E397D2F1F0F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFEDF8FD81C8EE1B9DE0008CDB008FDC0093DD0093DD0093DD0091DD008FDC008DDB
+008DDB0092DD0E99DF1B9EE126A3E22AA5E320A1E11A9EE00A97DE0091DC008DDB008DDB
+008FDC0092DD0093DD0092DD008FDC008DDB229FE189CCEFF1F9FDFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+A1D7F2239FE1008CDB0090DC0093DD0093DD0092DD008EDC008DDB0C97DE37A9E474C3EC
+A4D7F3C8E7F8E6F4FCF4FAFDFCFEFFFFFFFFFEFFFFFCFEFFEBF7FCCDEAF8A5D8F370C2EC
+32A7E30895DE008DDB008FDC0093DD0093DD0090DC008CDB28A2E2ACDBF4FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB4CB2E6
+008EDB008FDC0093DD0093DD0092DD008DDB0091DC3FACE597D2F1DFF1FBFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEE7F4FCD5EDF9CBE9F8C4E5F7CFEAF8DDF1FAEEF8FD
+EFF8FDD6EDF995D1F140ADE50593DD008FDC0093DD0093DD008FDC008EDC56B6E8E6F5FC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB1DEF51A9CE0008CDB
+0093DD0093DD0093DD008EDB0493DD55B5E8C3E5F7FFFFFFFFFFFFFFFFFFFFFFFFF9FDFE
+CDE9F89BD4F165BDEA38AAE41F9FE10D98DF0294DD0091DC008FDC0091DC0193DD0B97DE
+1D9FE13AABE468BFEB8DCEF07AC5ED39A9E40A95DE0092DD0093DD0092DD008CDB229FE0
+BBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ACDEF0090DC0090DC0093DD
+0093DD0091DC008DDB44AEE6C7E7F8FFFFFFFFFFFFFFFFFFFFFFFFC9E7F871C2EC2AA3E2
+0192DD008DDB008DDB008FDC0090DC0091DC0092DD0092DD0093DD0092DD0092DD0091DD
+0090DC008FDC008DDB008EDB0996DE23A2E2189DE00192DD0093DD0093DD0093DD008FDC
+0592DD96D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF73C3EC008DDB0091DD0093DD0093DD
+008EDB1198DF96D2F1FFFFFFFFFFFFFFFFFFF6FBFE9FD6F241ADE50092DD008CDB008FDC
+0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0092DD0091DC0092DD0093DD0093DD0093DD0093DD0093DD
+0091DC008EDC82CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6CC0EB008BDB0092DD0093DD0093DD008CDB
+34A7E3D3ECF9FFFFFFFFFFFFFFFFFFA4D8F22BA3E2008DDB008EDB0092DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008DDB7CC8EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF78C6ED008DDB0092DD0093DD0093DD008CDB55B6E8
+F0F9FDFFFFFFFFFFFFC9E8F842ADE5008EDB008FDC0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0092DD008DDB89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF9AD4F1008EDB0092DD0093DD0093DD008CDB61BCEAFCFEFF
+FFFFFFFEFFFF87CBEF0894DD008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD008FDCA6D9F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFC4E6F70793DD0091DC0093DD0093DD008CDB5AB9E9FEFEFFFFFFFF
+E6F5FC4BB1E7008CDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0090DC0D96DED2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFF0F9FD28A3E2008EDB0093DD0093DD008DDB40AEE5F8FCFEFFFFFFD3ECF9
+29A2E2008CDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0092DD0090DC008FDC008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD008DDB33A8E4F7FBFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF68BFEB008BDB0093DD0093DD008FDC1D9EE1E6F4FCFFFFFFC8E8F8179ADF
+008EDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008CDB
+0091DC1B9EE139ABE454B6E86AC0EB68BFEB52B6E837AAE4199DE00090DC008CDB0090DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD008CDB7EC8EEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFC5E6F70191DC0092DD0093DD0092DD0190DCB8E1F6FFFFFFC9E9F81499DF008FDB
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDC2EA6E380C8EE
+C3E5F7F0F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF8FDBDE3F679C5ED29A3E2
+008EDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0091DC0894DED2ECF9FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FEFFFF3FAEE5008DDB0093DD0093DD008CDB65BEEAFFFFFFD9EFFA189BDF008EDC0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0091DD008DDB2FA5E3A7D9F3F9FDFEFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE
+A0D6F229A3E2008CDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4CB4E7FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+B3DFF5008FDB0093DD0093DD0090DC189CE0ECF7FCF0F9FD2FA6E3008EDB0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD008FDC0693DD85CBEEF5FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFF2FAFD79C6ED0291DD0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0291DCC3E6F7FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF
+3AACE5008EDB0093DD0093DD008CDB8DCFF0FFFFFF56B7E8008CDB0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008EDB1A9CE0BDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFB3DFF51298DF008FDC0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4EB4E7FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E7F8
+0191DC0092DD0093DD0090DC189DE0F9FCFEA2D8F3008DDB0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD008EDC1F9EE0D5EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFCDEAF8199CE0008FDC0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0493DDD1ECF9FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB
+008CDB0093DD0093DD008CDB80C9EEEDF7FD1199DF0090DC0093DD0093DD0093DD0093DD
+0093DD0093DD0090DC1398DFD1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC3E6F70B95DD0091DC0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB78C6EDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FD179DE0
+0090DC0093DD0092DD0594DEE4F3FB60BCEA008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008FDCACDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FD7F2008EDB0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC29A5E3F9FCFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB4DFF5008FDC
+0093DD0093DD008EDB49B2E7CBE9F80492DD0092DD0093DD0093DD0093DD0093DD0093DD
+0093DD008DDB64BDEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF51B5E8008DDB0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DCC8E8F8
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008CDB
+0093DD0093DD008DDB8DCFF057B8E9008DDB0093DD0093DD0093DD0093DD0093DD0093DD
+0091DC1199DFE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBEFFA0B96DE0091DC0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF36AAE4008FDC
+0093DD0093DD0694DD85CBEF0996DE0092DD0093DD0093DD0093DD0093DD0093DD0093DD
+008CDB75C5ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF69BFEB008CDB0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB46B0E7
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0091DC23A2E252B6E8008EDC0093DD0093DD0093DD0093DD0093DD0093DD0092DD
+0895DDD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0EBF90493DD0092DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC189DE0
+F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F70091DD0093DD
+0093DD0091DC1FA0E1169CE00091DC0093DD0093DD0093DD0093DD0093DD0093DD008EDB
+40AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF2EA7E3008FDC0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0394DD
+D2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5D9F3008EDB0093DD
+0093DD0093DD0294DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB
+89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF72C3EC008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC
+B8E1F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC
+BAE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA8DAF3008EDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB
+9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77C5ED008CDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0495DE
+D4EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F80092DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB
+8CCFF0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC0C99DF
+E4F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBF0FB0797DE0092DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F4FC0E99DF0092DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD139BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6DC1EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+F1F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1F8FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+7FC9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEF4FAFDF4FAFEF4FAFEF4FAFE66BEEA008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC119BDF
+E3F3FCF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE
+F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE
+F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEE3F3FC119BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0087D9
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF58B8E91E9BDF1EA0E11EA0E11EA0E10D98DF0092DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0294DD
+1C9FE11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1
+1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1
+1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11C9FE10294DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB008FDC58B7E8
+E3F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB6E0F591D0F071C2EC
+53B5E841AEE637AAE436AAE436A9E43FADE554B6E872C3EC91D0F0B5DFF5DDF0FAFCFDFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFEFFE0F2FBDDF0FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FA
+DDF1FADDF1FADDF1FADDF1FADDF1FADDF0FAE5F4FBEEF8FDF6FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB7E0F593D0F071C2EC53B5E8
+41AEE536AAE436AAE436A9E43EADE553B6E870C2EC90D0F0B6DFF5DEF1FBFCFDFEFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF3DADE5008BDA0090DC0090DC0090DC0092DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC
+0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC
+0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB37A8E4B1DEF4FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFEFFFFC7E7F780C8EE39AAE40E98DF008FDC008DDB008CDB
+008DDB008EDB008FDC008FDC008FDC008EDB008DDB008CDB008DDB008FDC0A96DE2CA4E2
+62BCEAA2D7F2DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFDFEFF3FADE60993DD0997DE0997DE0997DE0997DE0997DE0997DE0997DE0997DE
+0997DE0997DE0997DE0997DE0997DE0996DE0D99DF159BE023A1E13AABE467BEEAA2D6F2
+DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFC7E7F77FC7EE37A9E40F98DF008FDC008DDB008CDB008DDB
+008EDB008FDC008FDC008FDC008EDC008DDB008CDB008DDB008FDC0A97DE2CA4E260BBEA
+A4D7F3DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0092DD008EDB008DDB2EA5E3A1D6F2FCFEFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFF9FDFEA1D7F238A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC
+008DDB008DDB0895DE40ACE590CFF0EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF58B8E9008BDA0092DD0092DD0092DD0092DD0092DD0092DD0092DD0092DD
+0092DD0092DD0092DD0092DD0092DD0092DD0091DC0091DC0090DC008FDC008DDB008DDB
+0995DE4CB2E7B4DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFF9FDFEA1D6F239A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB
+008DDB0996DE3FACE591D0F0ECF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0091DC008DDB0090DC3DABE4A1D7F2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFAFDDF434A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC
+008EDB008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD
+0093DD0093DD0092DD008EDB0089D99DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF62BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0091DC008DDB
+008DDB008DDB008DDB008DDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD
+0092DD008DDB008FDC4CB1E7D1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+B0DDF535A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC008EDB
+008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD
+0093DD0092DD008EDC0089D9A8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC
+008DDB008DDB1A9CE061BAEAC0E4F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FC
+63BCEA008EDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0090DC22A1E1
+4BB3E76FC2EC86CCEF94D2F194D2F186CCEF6DC1EB4AB2E722A1E10092DD008CDB008FDC
+0093DD0093DD0093DD0093DD008EDB9DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0091DC25A3E261BCEA
+61BCEA61BCEA61BCEA61BCEA5BBAE944AFE621A1E10090DC008DDB0092DD0093DD0093DD
+0093DD0093DD0093DD008CDB1097DEABDBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD63BBEA
+008FDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0091DC22A1E14AB2E7
+6EC1EB87CCEF94D2F194D2F185CBEF6CC0EB4AB2E723A1E10092DD008CDB008FDC0093DD
+0093DD0093DD0093DD008EDBA8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC008CDB008EDB1299DF
+50B4E7A3D7F2ECF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EDF92BA4E2
+008CDB0092DD0093DD0093DD0093DD0093DD0092DD008DDB0C96DE63BCEABDE3F6F5FBFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC7E7F780C8EE2BA4E2
+008FDC008EDB0092DD0093DD008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB66BEEBFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFDBDE3F655B6E80090DC0090DC0093DD
+0093DD0093DD0093DD0093DD0090DC008FDCA0D7F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD6EEFA2DA4E2008BDB
+0092DD0093DD0093DD0093DD0093DD0093DD008DDB0B96DE63BCE9BEE3F6F5FBFEFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC8E7F782C9EE2CA4E2008FDC
+008EDB0092DD0093DD008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD008FDC008DDB008DDB0494DD2AA4E268BEEAA6D9F3E6F4FB
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE9F6FC93D1F1FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E6F71A9BE0008EDB
+0093DD0093DD0093DD0093DD0093DD0091DC008FDC5CB9E9D6EEFAFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFE
+B1DEF549B0E60090DC008EDB008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEDCF41499DF008FDC
+0093DD0093DD0093DD0093DD0093DD0090DC0894DDC6E7F8FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F81A9BDF008EDB0093DD
+0093DD0093DD0093DD0093DD0091DC008FDC5AB8E8D4ECF9FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFEB1DEF5
+49B0E60090DC008EDB008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC
+008DDB008DDB008FDC0996DE2DA6E35FBAE99BD4F1D3ECF9F9FCFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF4FAFD3AAAE440AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0ECF91399DF008EDC0093DD
+0093DD0093DD0093DD0093DD008FDC0B95DE9ED5F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFB5DFF536A8E30087D99AD4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F80F96DE
+0091DC0093DD0093DD0093DD0093DD0093DD008EDB2CA6E3F6FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEBF9169ADF008EDB0093DD0093DD
+0093DD0093DD0093DD0090DC0A95DE9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFB7E0F537A8E40087D9A5D8F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD0091DC0090DC008FDC008EDB008DDB008DDB008EDB0394DD199DE035A9E4
+60BBE98ECEF0B8E1F6DCF0FAFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFEEF8FD43AEE60087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB209FE1008EDB0093DD0093DD
+0093DD0093DD0093DD008FDC1399DEC0E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF9FDFE84C9EEAADBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF99D4F2
+008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDBA2D8F2FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB209FE1008EDB0093DD0093DD0093DD
+0093DD0093DD0090DC0F97DEBBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFAFDFE85CAEEB3DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD0091DC008FDC008EDB008DDB008DDB008CDB008DDB008EDB
+0090DC0495DD0E99DF1E9FE131A7E34AB2E76FC2EC91D0F0B0DDF4D3ECF9F0F8FDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFE4F4FC36A8E3008CDB008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF48B1E7008CDB0093DD0093DD0093DD
+0093DD0093DD0091DC0793DDBDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFF
+2FA7E3008FDC0093DD0093DD0093DD0093DD0093DD008EDB3AACE5FEFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF4AB2E7008CDB0093DD0093DD0093DD0093DD
+0093DD0091DC0692DDB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC
+008EDB008CDB008EDC0294DD139BDF2CA5E342AFE659B8E969BFEB7CC7ED91D0F0ACDBF4
+C3E5F7D5EDF9E6F4FCF4FAFDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+CDEAF924A0E1008DDB0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008CDB0093DD0093DD0093DD0093DD
+0093DD0093DD008DDB94D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEE1F2FBC7E7F7BDE3F6BDE3F6
+C0E4F6D7EEF9F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+93D1F0008DDB0093DD0093DD0093DD0093DD0093DD0092DD0795DEDBF0FAFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD008DDB92D1F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC008CDB0090DC1C9EE0
+4AB1E778C5EDAFDCF4D2EBF9EBF6FCFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4
+1398DF008EDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE0F2FB0F98DF0090DC0093DD0093DD0093DD0093DD
+0093DD008DDB4CB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEAF6FC9ED6F29ED6F29ED6F29ED6F29ED6F29ED6F29ED4F1D7EEFA
+FFFFFFFFFFFFFFFFFFFFFFFFF4FBFEAEDCF45DB9E928A3E20B97DE0091DC008FDC008FDC
+008FDC0695DE1A9DE044AFE691CFF0E0F2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE7F5FC9ED5F29ED6F29ED6F2
+9ED6F29ED6F29ED6F29ED4F1B6E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB9E1F69ED4F19ED6F29ED6F2
+9ED6F29ED6F29ED6F29ED4F2DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+D4EDF90594DD0092DD0093DD0093DD0093DD0093DD0093DD008EDCA9DBF3FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE4F3FB1099DF0090DC0093DD0093DD0093DD0093DD0093DD
+008DDB49B2E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0091DC008DDB0090DC2AA3E275C4ECBDE3F6F1F9FD
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF7FC8EE0090DC
+0090DC0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC1EB008CDB0093DD0093DD0093DD0093DD0093DD
+0092DC0A95DDD8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDBF0FA0092DD008CDB008EDB008EDB008EDB008EDB0087D98FD0F0
+FFFFFFFFFFFFFFFFFFA1D7F32AA2E2008EDB008DDB0090DC0091DD0092DD0093DD0093DD
+0093DD0092DD0091DC008EDB008CDB1198DF7FC8EEF7FCFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1EBF9008FDC008CDB008EDB
+008EDB008EDB008EDB0087D953B6E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF57B8E90087D9008EDB008EDB
+008EDB008EDB008DDB008CDBC4E6F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F6FBFE1EA0E10090DC0093DD0093DD0093DD0093DD0093DD008CDB88CDEFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008CDB0093DD0093DD0093DD0093DD0093DD0091DC
+0995DED6EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0091DC008CDB0D97DE60BAE9B8E0F5F9FCFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FA49B0E6008DDB0092DD
+0093DD0093DD0093DD0093DD008ADA4DB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE1F3FB0D98DF0091DD0093DD0093DD0093DD0093DD0093DD
+008CDB66BFEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB93D2F1
+FFFFFFF6FBFE5DBAE9008DDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0091DC008BDB3BAAE4E1F2FBFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE8F5FC0F9ADF0091DC0093DD
+0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008DDB72C3ECFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFE2F2FB0C97DE0091DC0093DD0093DD0093DD0093DD0093DD008DDB
+65BEEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008DDB0D96DE71C1ECDBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA4D8F31A9BDF008DDB0093DD0093DD
+0093DD0093DD008FDC008EDB1C9ADF6ABFEBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF84CBEE008CDB0093DD0093DD0093DD0093DD0093DD0092DD
+0492DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB98D4F1
+FFFFFF50B4E7008BDA0092DD0093DD0093DD0093DD0092DD0092DD0092DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB2AA3E2E7F5FCFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF37ABE4008FDC0093DD0093DD0093DD0093DD0093DD008DDB69BFEBFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF84CBEF008CDB0093DD0093DD0093DD0093DD0093DD0092DD0393DD
+CFEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+008FDC0091DC63BCEAD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FB57B7E8008EDB0090DC0093DD0093DD0093DD
+0090DC008DDB33A7E3A5D8F3F1F9FDACDCF4FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFBFDFF2CA6E3008FDC0093DD0093DD0093DD0093DD0093DD008FDB
+32A8E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDBA1D8F2
+83CAEE008BDA0093DD0093DD008FDC008DDB008EDB0091DC0093DD0091DC008EDB008DDB
+0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD008BDA4EB4E7FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008CDB73C3ECFFFFFFFFFFFF
+FFFFFFFFFFFFFEFEFF31A8E4008FDC0093DD0093DD0093DD0093DD0093DD008FDC2BA6E3
+FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0092DD008CDB
+2AA3E2B7E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF6FBFE8DCEEF1499DF008CDB0092DD0093DD0093DD0091DC008CDB
+209EE097D2F1F9FCFEFFFFFFC6E7F756B7E9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFD4ECF90394DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB
+6EC1ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD45B0E6
+0695DE0092DD0090DC008FDC31A7E37DC7EEADDCF4C6E7F7CDEAF8C5E6F7A7D9F368BEEB
+189CE0008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDCBAE2F6FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F7FCFE21A1E20090DC0093DD0093DD0093DD0093DD0093DD008DDB8BCEEFFFFFFFFFFFFF
+FFFFFFFFFFFFD3ECF90493DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0091DC008EDB66BDEA
+F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFFFFA5D8F32CA3E2008DDB0091DC0093DD0093DD0092DD008CDB0B95DE78C5EC
+ECF7FCFFFFFFFFFFFFF8FCFE2BA4E245B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF91D0F1008CDB0093DD0093DD0093DD0093DD0093DD0093DD008EDB
+B0DDF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0091DC
+0092DD008EDB1D9DE0ACDBF4FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+E8F5FC65BDEA008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB52B6E8FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+D9EFFA0695DD0092DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4FFFFFFFFFFFF
+FFFFFFFFFFFF95D2F1008DDB0093DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0090DC0793DD97D3F1FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFE
+ABDBF43BABE4008EDB008FDC0093DD0093DD0093DD008EDB0091DC54B5E7D2ECF9FFFFFF
+FFFFFFFFFFFFFFFFFF79C7ED0087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF57B8E9008DDB0093DD0093DD0093DD0093DD0093DD0092DD0696DE
+DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0093DD
+008FDC229FE1D8EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF66BEEA008DDB0093DD0093DD0093DD0093DD0093DD0090DC189EE0F2F9FD
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+9AD4F1008DDB0093DD0093DD0093DD0093DD0093DD0092DD0896DEDDF1FBFFFFFFFFFFFF
+FFFFFFFFFFFF56B7E8008DDB0093DD0093DD0093DD0093DD0093DD0092DD0796DEDAEFFA
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD008FDB1399DFB8E1F6FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEAF6FC96D1F02FA5E3
+008EDB008EDC0093DD0093DD0092DD008DDB008EDB44AEE5BDE3F6FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFA9DBF3008FDC008CDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFBFDFF2BA5E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC1FA0E1
+F6FBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0092DC
+0894DDC8E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFEEF7FD189DE00090DC0093DD0093DD0093DD0093DD0092DD0495DED6EDFA
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+3BACE5008EDB0093DD0093DD0093DD0093DD0093DD008EDB3DADE5FFFFFFFFFFFFFFFFFF
+FFFFFFFCFEFF2BA6E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC23A2E2F9FCFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB008FDC169ADFC7E8F8FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEBBE2F66BBFEB189CE0008DDB008FDC
+0093DD0092DD0090DC008CDB0292DD47AFE6AEDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFCEEBF90F97DE0090DC008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFE6F4FC0D99DF0091DC0093DD0093DD0093DD0093DD0093DD008EDB42AFE6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008DDB
+61BCEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF6BC0EC008DDB0093DD0093DD0093DD0093DD0093DD0090DCC1E5F7
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB7E1F5
+0190DC0093DD0093DD0093DD0093DD0093DD0093DD008DDBA2D7F2FFFFFFFFFFFFFFFFFF
+FFFFFFEAF6FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008EDB3CACE5FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008ADA1198DECAE9F8FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEFF8FDB7E0F571C2EC28A2E20090DC008CDB0090DC0091DC008EDB
+008DDB0091DC27A2E273C3ECCDE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+E0F2FB219FE1008EDC0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFD0EBF80294DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB5CBAE9
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD0292DD
+CBE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFA7DAF3008DDB0093DD0093DD0093DD0093DD0093DD008FDCBCE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFD2BA4E2
+008FDC0093DD0093DD0093DD0093DD0093DD008EDC2BA5E3F5FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFCFEBF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB58B9E8FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF3DADE5038EDCB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3FAFDD8EEFA
+B1DDF479C5ED44AFE6169BE0008DDB0089DA008BDA008CDB008DDB0091DC1A9DE046B0E6
+89CCEFC5E6F7F7FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9F6FC
+31A6E3008DDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFC0E4F70090DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0090DC27A4E2
+FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBEE4F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE4FB3E7008DDB
+0093DD0093DD0093DD0093DD0093DD0090DC0592DDC2E5F7FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB75C4ECFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEF6FBFEF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF37AAE48FD0F0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFAFDFEDCF0FABEE3F6A7D9F38CCEEF72C3EC56B7E836A9E4159BE00091DC
+008DDB008CDB0090DC0796DE199DE02EA6E347B0E674C3EC9BD4F1C6E6F7EFF8FDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE6F5FC35A8E3
+008DDB0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFAEDCF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4229DE0
+22A1E122A1E122A1E122A1E122A1E122A0E12FA7E3EBF6FCFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB51B5E8
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF83FADE5008DDB0093DD
+0093DD0093DD0093DD0093DD0091DC008EDB95D3F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFAADCF4008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB84CBEFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDDF4229DE022A1E1
+22A1E122A1E122A1E122A1E122A0E133A9E4EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFCFEFFADDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFCFEFFEFF8FDE3F3FBD4EDF9C4E6F7BAE1F6B5E0F5B2DEF5B6E0F5BAE2F6
+C5E6F7CCE9F8D7EEFAE4F4FBF1F9FDFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD8EEFA2BA3E2008DDB
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFA8D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB82CAEE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E5F7008EDC
+008FDC0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB63BDEA
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5DBAE9F4FAFE
+F4FAFEF4FAFEF4FAFEF2FAFDE9F5FCCBE9F89DD5F250B4E70794DD008EDC0093DD0093DD
+0093DD0093DD0093DD008EDB0491DD98D4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBBE2F6008CDB0090DC
+0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFE4F61B9CE0008EDB0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF9CD5F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB94D2F1
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC33A9E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6FC2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0B98DE1EA0E1
+1EA0E11EA0E11EA0E11B9FE1109ADF0093DD008DDB008EDB0092DD0093DD0093DD0093DD
+0093DD0090DC008CDB2BA3E2B8E1F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFF00793DD008FDC0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFA7D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB88CDEF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC
+0090DC0090DC0090DC0090DC0091DC0092DD0093DD0093DD0093DD0093DD0091DC008EDB
+008CDB1B9CE083CAEEF3FAFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF9DD6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB90D0F0FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB54B5E8008DDB0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFABDBF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB80C9EE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC
+0090DC0090DC0090DC0090DC008FDC008FDC008EDB008DDB008CDB008FDC0F98DF49B1E6
+97D2F1EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFA7DAF3008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB89CDEFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFDFFFF98D3F1179BDF008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD0093DD008DDB78C5ED
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0D98DF22A1E1
+22A1E122A1E122A1E123A2E130A7E335A9E446B0E65EBAE981C8EEB3DEF5E3F3FBFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB7CC7EDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFB7E0F53CABE5008DDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFCEEAF80293DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEB
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5EBAEAF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEFEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFCCEAF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF
+BBE2F648B0E60090DC008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFE2F2FB0B98DF0091DC0093DD0093DD0093DD0093DD0093DD008DDB4DB4E7
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFE7F5FC0E99DF0091DD0093DD0093DD0093DD0093DD0093DD008EDB47B1E7FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FC9BD4F138A9E4
+0091DC008EDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFAFCFF26A3E20090DC0093DD0093DD0093DD0093DD0093DD008FDC2EA7E3
+FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFAFDFE27A4E2008FDC0093DD0093DD0093DD0093DD0093DD008FDC2DA6E3FCFEFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FDBAE1F568BEEB1A9CE0008DDB008EDC
+0092DD0093DD0093DD0093DD0093DD0093DD0090DC008DDB0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF50B5E8008DDB0093DD0093DD0093DD0093DD0093DD0091DC0F9ADF
+E7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF4DB4E7008EDB0093DD0093DD0093DD0093DD0093DD0091DC119BDFEAF6FD
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDDF0FAA5D8F35DB9E91D9EE1008FDC008DDB0090DC0093DD0093DD
+0093DD0093DD0093DD0092DD008DDB008EDB23A1E184CBEE79C6ED0090DC0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF86CCEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DC
+C2E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF8ACDEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DCBEE4F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFE8F5FCC1E5F7
+96D2F168BEEB34A8E40996DE008EDB008DDB0090DC0093DD0093DD0093DD0093DD0093DD
+0092DD008FDC008CDB0794DD4FB3E7A9DAF3F7FCFEF5FBFE34A8E40090DC0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFC8E8F80192DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB
+83CAEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFC8E8F80191DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB86CCEF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFCFEFFFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FAFDFEF3FAFDEBF7FCD9EFFAC5E6F7AEDCF494D1F175C4EC4CB3E72CA5E3119ADF0091DC
+008DDB008DDB008FDC0092DD0093DD0093DD0093DD0093DD0092DD0091DC008EDC008CDB
+0090DC2BA3E27CC7EDD5EDF9FFFFFFFFFFFFF7FCFE39ABE4008DDB0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF6FBFE1FA0E10090DC0093DD0093DD0093DD0093DD0093DD008EDB
+43B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFF9FCFF25A3E2008FDC0093DD0093DD0093DD0093DD0093DD008EDB3BADE5
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE3F3FBA7D9F372C2EC53B5E83CACE533A9E427A3E224A2E2
+1D9FE1149CE00B97DE0194DD008FDC008CDB008CDB008BDB008DDB008EDB0090DC0091DC
+0091DC0091DC0090DC008FDC008EDC008DDB008CDB008DDB0091DC159BDF3EACE584CAEE
+C4E6F7F8FCFEFFFFFFFFFFFFFFFFFFF1F9FD49B1E6008DDB0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF6FC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD
+0B97DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF6EC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD0896DE
+DDF0FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFDDAEFFAB6DFF592D0F075C4EC52B5E8
+36A9E428A4E21C9EE1129ADF0D98DF0A97DE0595DE0595DE0595DE0595DE0595DE0A97DE
+0C98DF129BDF1D9FE12BA5E33BABE555B6E87CC7ED9DD5F2C3E5F7ECF6FCFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE8F6FC41ADE5008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFCEEAF90392DC0092DD0093DD0093DD0093DD0093DD0093DD
+008CDB82CBEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFCFEAF80393DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB
+81CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFDFEFFF5FBFEEFF8FDE6F4FCE0F2FBD6EEFAD5EDF9D5EDF9D5EDF9D5EDF9DFF1FB
+E3F3FBEDF7FDF3FAFDFBFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFCAE8F826A1E1008DDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD
+0090DC1A9DE0EDF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF67BEEB008DDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD0090DC
+199DE0EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFFFF91D0F00C95DE008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1E5F70090DC0092DD0093DD0093DD0093DD0093DD
+0093DD008CDB7DC8EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD119BDF0091DC0093DD
+0093DD0093DD0093DD008DDB60BBEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF36AAE5008FDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFC4E6F70191DC0092DD0093DD0093DD0093DD0093DD0093DD
+008CDB78C6EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+D0EBF945AEE5008DDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59B9E9008CDB0093DD0093DD0093DD0093DD
+0093DD0091DC0A95DECFEBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5FAFE1EA0E10090DC0093DD
+0093DD0093DD0093DD008FDC2FA7E3FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEAF80392DD0092DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5BBAE9008BDB0093DD0093DD0093DD0093DD0093DD
+0091DD0994DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FB72C2EC
+0B95DE008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB189CE0008FDC0093DD0093DD0093DD
+0093DD0093DD008EDC2DA5E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3BACE5008EDC0093DD
+0093DD0093DD0093DD0092DD0392DDC9E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF52B6E8008EDB0093DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB199CE00090DC0093DD0093DD0093DD0093DD
+0093DD008EDC2BA4E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB79C5ED1499DF008CDB
+0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4008FDB0092DD0093DD0093DD
+0093DD0093DD0093DD008DDB44AFE6F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB008CDB0093DD
+0093DD0093DD0093DD0093DD008EDB43AFE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0093DD0093DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAFDDF4008FDC0092DD0093DD0093DD0093DD
+0093DD0093DD008DDB40ADE5EFF9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F866BDEA159ADF008CDB0091DC0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0092DD0093DD
+0093DD0093DD0093DD0093DD008DDB37A9E4D8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1ECF90092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA3D8F3008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD008EDB64BCEAF5FBFDFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFEFF8FD6EC0EB008FDC0092DD0092DD0093DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF85CBEF008DDB0092DD0093DD0093DD
+0093DD0093DD0093DD008DDB37A9E3D9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EEF90093DD0092DD
+0093DD0093DD0093DD0093DD008FDC37AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDEF1FB93D0F03EACE50192DD008DDB0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF71C3EC008CDB0092DD
+0093DD0093DD0093DD0093DD0093DD008EDB159ADF98D3F1F7FCFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF98D3F10091DC
+0092DD0093DD0093DD0093DD0093DD008FDC33A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FD179DE00090DC
+0093DD0093DD0093DD0093DD0093DD0093DD008DDB2FA5E39DD5F2DEF1FBF6FBFEFBFDFE
+FAFDFEF0F9FDD2ECF988CCEF25A1E1008DDB0092DD0091DC0896DE0194DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF75C4ED008CDB0092DD0093DD
+0093DD0093DD0093DD0093DD008EDB1599DF97D3F1F7FCFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF9BD5F10091DD0092DD
+0093DD0093DD0093DD0093DD008FDC33A9E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFD
+C6E6F787CBEF3EACE50C97DE008DDB008EDC0092DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CBEF008FDC
+008FDC0093DD0093DD0093DD0093DD0093DD0090DC008EDB2BA4E28DCEF0D9EFFAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2F3FB9AD3F138A9E40090DC0092DD
+0093DD0093DD0093DD0093DD0093DD0090DC20A1E1F6FBFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008BDA
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB0A97DE21A1E12AA5E3
+29A4E3199EE00394DD008DDB0090DC0093DD008FDC21A1E187CCEF0191DC0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF88CCEF008FDC008FDC
+0093DD0093DD0093DD0093DD0093DD0090DC008EDB2CA4E28ECEF0DBEFFAFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB99D3F138A9E40090DC0092DD0093DD
+0093DD0093DD0093DD0093DD008FDC23A2E2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FCFEE6F4FCCDE9F8AEDCF484CAEE4DB3E71F9FE1
+0092DC008CDB008EDC0091DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF4
+1C9CE0008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0996DE33A8E3
+5FBBEA84CBEE8FD0F08FD0F089CDEF6CC1EB3BABE50F98DF008DDB008FDC0093DD0093DD
+0093DD0093DD0093DD0093DD0092DD008DDB008FDCD5EDF9FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBEE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFDFE47B1E6
+008BDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DD0090DC008FDC
+0090DC0090DC0092DD0093DD0093DD008FDC0B95DDC8E8F8B7E1F6008EDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF41C9CE0
+008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0A96DE32A8E35DBAE9
+83CAEE8FD0F08FD0F08ACDEF6CC0EB3CABE51099DF008DDB008FDC0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD008EDB0090DCD6EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FBBAE1F68DCEF0
+6BC0EB58B8E94AB2E742AEE642AFE642AFE642AFE642AEE64AB2E751B5E856B8E861BCEA
+61BCEA61BCEA57B8E94DB3E73BACE524A2E20E99DF0093DD008EDC008DDB008EDB0090DC
+0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+E3F3FB5FBAE90291DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC
+008DDB008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD
+0093DD0091DC008EDB008CDB0494DD35A8E484CAEEE9F6FCFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6EC1EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBEE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBAE2F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FD
+42AEE6008ADA0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB0E96DEB5E0F5FFFFFFA9DAF4008EDB0093DD0093DD
+0093DD0093DD0092DD0A97DEDEF2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF62BDEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB63BDEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB
+61BBE90191DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB
+008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD0093DD
+0091DC008EDB008CDB0393DD34A8E481C9EEE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF881C8EE3DACE50C97DE008FDC008DDB
+008DDB008DDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008DDB008DDB
+008DDB008DDB008DDB008EDB008EDC0090DC0091DC0092DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFC4E6F75BB7E90C97DE008CDB008DDB0090DC0092DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC008DDB
+008EDC1199DF4BB2E78DCDF0D1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFE9F5FC0997DE008EDB0090DC0090DC0090DC0090DC008ADA58B8E9
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFB6E0F5008CDB0090DC0090DC0090DC0090DC0090DC008ADA9FD6F3
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F5FBFE70C2EC0894DD008CDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008EDB008DDB3BAAE4CBE9F8FFFFFFFFFFFFA7D9F4008BDA0090DC0090DC
+0090DC0090DC008FDC0092DCD3EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF50B5E8008ADA0090DC0090DC0090DC0090DC0090DC008ADA4DB4E8FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFC2E5F75AB7E80D97DE008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DD008FDC008DDB008EDC
+1199DF4AB1E78DCEEFD1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF1F9FDA6D9F339A9E4008CDB0086D90088DA008BDB008CDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB0086D947B1E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFDDF1FA93D0F050B3E71B9DE00293DD008EDC008DDB008CDB
+008CDB008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D98DF35A8E36ABFEB
+AFDCF4E5F4FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFD8EEFA26A2E222A0E122A1E122A1E122A1E122A1E1229DE05AB9E9
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFA1D7F3229CE022A1E122A1E122A1E122A1E122A1E1229CE08FD0F0
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFCFEAF965BCEA1B9DE00090DC008DDB008CDB008CDB008DDB008CDB008DDB
+008EDC0B97DE44AEE5A6D8F3FBFDFEFFFFFFFFFFFFFFFFFFB4DFF5229DE022A1E122A1E1
+22A1E122A1E122A1E1219EE1BFE4F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFDFEFF4DB4E7229EE022A1E122A1E122A1E122A1E122A1E1229EE047B1E6FBFDFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDFF1FB96D1F14EB3E71B9DE00293DD008EDC008DDB008CDB008CDB
+008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D97DE34A8E36BBFEBAEDCF4
+E5F4FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFBFDFFABDCF466BCEA60BBE968BFEB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BBDEA9AD4F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD0EBF9B4DEF599D3F185CBEF
+73C3EC6BC0EB6BC0EB6BC0EB70C2EC82CAEE93D1F0A8DAF3C5E6F7E3F2FBFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFBFEFEF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF8FCFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF8FCFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFEEF8FDC5E6F7A0D6F285CBEF77C5ED6DC1EC80C9EE94D1F1
+B4DEF5DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFF6FBFEF6FBFEF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFFFFF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF4FBFDFDFEFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD1EBF9B2DEF597D3F185CBEE72C3EC
+6BC0EB6BC0EB6BC0EB70C2EC81C9EE92D0F0A9DAF3C4E6F7E2F2FBFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+
+end
+%%PageTrailer
+%%Trailer
+%%EOF
diff --git a/doc/gnupg-logo.pdf b/doc/gnupg-logo.pdf
new file mode 100644
index 0000000..84a3470
--- /dev/null
+++ b/doc/gnupg-logo.pdf
Binary files differ
diff --git a/doc/gnupg-logo.png b/doc/gnupg-logo.png
new file mode 100644
index 0000000..73cf00a
--- /dev/null
+++ b/doc/gnupg-logo.png
Binary files differ
diff --git a/doc/gnupg.info b/doc/gnupg.info
new file mode 100644
index 0000000..bc2da62
--- /dev/null
+++ b/doc/gnupg.info
@@ -0,0 +1,178 @@
+This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo
+version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi.
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+INFO-DIR-SECTION GNU Utilities
+START-INFO-DIR-ENTRY
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+END-INFO-DIR-ENTRY
+
+
+Indirect:
+gnupg.info-1: 871
+gnupg.info-2: 299961
+
+Tag Table:
+(Indirect)
+Node: Top871
+Node: Installation2489
+Node: Invoking GPG-AGENT5502
+Node: Agent Commands8324
+Node: Agent Options9734
+Ref: option --options9891
+Ref: option --homedir10160
+Ref: option --log-file14140
+Ref: option --allow-mark-trusted14474
+Ref: option --enable-ssh-support19677
+Node: Agent Configuration21742
+Node: Agent Signals27217
+Node: Agent Examples28523
+Node: Agent Protocol29337
+Node: Agent PKDECRYPT31364
+Node: Agent PKSIGN33073
+Node: Agent GENKEY35179
+Node: Agent IMPORT36439
+Node: Agent EXPORT36881
+Node: Agent ISTRUSTED37096
+Node: Agent GET_PASSPHRASE39474
+Node: Agent GET_CONFIRMATION41855
+Node: Agent HAVEKEY42522
+Node: Agent LEARN43152
+Node: Agent PASSWD43447
+Node: Agent UPDATESTARTUPTTY43751
+Node: Agent GETEVENTCOUNTER44229
+Node: Agent GETINFO45037
+Node: Agent OPTION45744
+Node: Invoking GPG46721
+Node: GPG Commands48087
+Node: General GPG Commands48918
+Node: Operational GPG Commands49549
+Ref: option --export-ownertrust61814
+Node: OpenPGP Key Management63613
+Node: GPG Options75675
+Node: GPG Configuration Options76899
+Node: GPG Key related Options106612
+Node: GPG Input and Output110195
+Node: OpenPGP Options115796
+Node: GPG Esoteric Options123517
+Ref: GPG Esoteric Options-Footnote-1145993
+Node: GPG Configuration146147
+Node: GPG Examples149430
+Node: Unattended Usage of GPG153764
+Node: Unattended GPG key generation154203
+Node: Invoking GPGSM163335
+Node: GPGSM Commands164204
+Node: General GPGSM Commands164642
+Node: Operational GPGSM Commands165330
+Node: Certificate Management167363
+Node: GPGSM Options171728
+Node: Configuration Options172302
+Node: Certificate Options174587
+Node: Input and Output178480
+Ref: option --p12-charset179062
+Node: CMS Options181309
+Node: Esoteric Options182331
+Node: GPGSM Configuration186703
+Node: GPGSM Examples192398
+Node: Unattended Usage192595
+Node: Automated signature checking193186
+Node: CSR and certificate creation194985
+Node: GPGSM Protocol200045
+Node: GPGSM ENCRYPT201210
+Node: GPGSM DECRYPT203878
+Node: GPGSM SIGN204711
+Node: GPGSM VERIFY206159
+Node: GPGSM GENKEY206674
+Node: GPGSM LISTKEYS207688
+Node: GPGSM EXPORT208613
+Node: GPGSM IMPORT209570
+Node: GPGSM DELETE210310
+Node: GPGSM GETINFO210813
+Node: Invoking SCDAEMON211463
+Node: Scdaemon Commands212137
+Node: Scdaemon Options213258
+Node: Card applications220966
+Node: OpenPGP Card221575
+Node: NKS Card222051
+Node: DINSIG Card222377
+Node: PKCS#15 Card222753
+Node: Geldkarte Card223023
+Node: Undefined Card223415
+Node: Scdaemon Configuration223829
+Node: Scdaemon Examples224866
+Node: Scdaemon Protocol225049
+Node: Scdaemon SERIALNO226545
+Node: Scdaemon LEARN227474
+Node: Scdaemon READCERT228330
+Node: Scdaemon READKEY228731
+Node: Scdaemon PKSIGN229017
+Node: Scdaemon PKDECRYPT229743
+Node: Scdaemon GETATTR230255
+Node: Scdaemon SETATTR230459
+Node: Scdaemon WRITEKEY230666
+Node: Scdaemon GENKEY231370
+Node: Scdaemon RANDOM231575
+Node: Scdaemon PASSWD231798
+Node: Scdaemon CHECKPIN232191
+Node: Scdaemon RESTART233196
+Node: Scdaemon APDU233731
+Node: Specify a User ID234707
+Ref: how-to-specify-a-user-id234865
+Node: Helper Tools239496
+Node: watchgnupg240335
+Ref: option watchgnupg --tcp241063
+Node: gpgv242394
+Node: addgnupghome245561
+Node: gpgconf246259
+Ref: gpgconf-Footnote-1248395
+Node: Invoking gpgconf248693
+Node: Format conventions251569
+Node: Listing components256895
+Node: Checking programs258986
+Node: Listing options261735
+Node: Changing options269225
+Node: Listing global options270926
+Node: Files used by gpgconf272696
+Node: applygnupgdefaults273046
+Node: gpgsm-gencert.sh273786
+Node: gpg-preset-passphrase274154
+Node: Invoking gpg-preset-passphrase275032
+Node: gpg-connect-agent276302
+Node: Invoking gpg-connect-agent277015
+Node: Controlling gpg-connect-agent279148
+Node: gpgparsemail285604
+Node: symcryptrun285925
+Node: Invoking symcryptrun286824
+Node: gpg-zip288612
+Node: Howtos290438
+Node: Howto Create a Server Cert290705
+Node: System Notes299961
+Node: W32 Notes302433
+Node: Debugging302854
+Node: Debugging Tools303683
+Node: kbxutil303963
+Ref: kbxutil-Footnote-1305532
+Node: Debugging Hints305628
+Node: Common Problems306230
+Node: Architecture Details311438
+Node: GnuPG-1 and GnuPG-2311689
+Node: Copying312013
+Node: Contributors349637
+Node: Glossary355870
+Node: Option Index358396
+Node: Index417494
+
+End Tag Table
diff --git a/doc/gnupg.info-1 b/doc/gnupg.info-1
new file mode 100644
index 0000000..4ae6e74
--- /dev/null
+++ b/doc/gnupg.info-1
@@ -0,0 +1,7752 @@
+This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo
+version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi.
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+INFO-DIR-SECTION GNU Utilities
+START-INFO-DIR-ENTRY
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+END-INFO-DIR-ENTRY
+
+
+File: gnupg.info, Node: Top, Next: Installation, Up: (dir)
+
+Using the GNU Privacy Guard
+***************************
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+ This manual documents how to use the GNU Privacy Guard system as
+well as the administration and the architecture.
+
+* Menu:
+
+* Installation:: A short installation guide.
+
+* Invoking GPG-AGENT:: How to launch the secret key daemon.
+* Invoking GPG:: Using the OpenPGP protocol.
+* Invoking GPGSM:: Using the S/MIME protocol.
+* Invoking SCDAEMON:: How to handle Smartcards.
+* Specify a User ID:: How to Specify a User Id.
+
+* Helper Tools:: Description of small helper tools
+
+* Howtos:: How to do certain things.
+* System Notes:: Notes pertaining to certain OSes.
+* Debugging:: How to solve problems
+
+* Copying:: GNU General Public License says
+ how you can copy and share GnuPG
+* Contributors:: People who have contributed to GnuPG.
+
+* Glossary:: Short description of terms used.
+* Option Index:: Index to command line options.
+* Index:: Index of concepts and symbol names.
+
+
+File: gnupg.info, Node: Installation, Next: Invoking GPG-AGENT, Prev: Top, Up: Top
+
+1 A short installation guide.
+*****************************
+
+Unfortunately the installation guide has not been finished in time.
+Instead of delaying the release of GnuPG 2.0 even further, I decided to
+release without that guide. The chapter on gpg-agent and gpgsm do
+include brief information on how to set up the whole thing. Please
+watch the GnuPG website for updates of the documentation. In the
+meantime you may search the GnuPG mailing list archives or ask on the
+gnupg-users mailing listsfor advise on how to solve problems or how to
+get that whole thing up and running.
+
+ ** Building the software
+
+ Building the software is decribed in the file `INSTALL'. Given that
+you are already reading this documentation we can only give some extra
+hints
+
+ To comply with the rules on GNU systems you should have build time
+configured `dirmngr' using:
+
+ ./configure --sysconfdir=/etc --localstatedir=/var
+
+ This is to make sure that system wide configuration files are
+searched in the directory `/etc/gnupg' and variable data below `/var';
+the default would be to also install them below `/usr/local' where the
+binaries get installed. If you selected to use the `--prefix=/' you
+obviously don't need those option as they are the default then.
+
+ ** Explain how to setup a root CA key as trusted
+
+ Such questions may also help to write a proper installation guide.
+
+ [to be written]
+
+ XXX Tell how to setup the system, install certificates, how dirmngr
+relates to GnuPG etc.
+
+ ** Explain how to setup a root CA key as trusted
+
+ X.509 is based on a hierarchical key infrastructure. At the root of
+the tree a trusted anchor (root certificate) is required. There are
+usually no other means of verifying whether this root certificate is
+trustworthy than looking it up in a list. GnuPG uses a file
+(`trustlist.txt') to keep track of all root certificates it knows
+about. There are 3 ways to get certificates into this list:
+
+ * Use the list which comes with GnuPG. However this list only
+ contains a few root certificates. Most installations will need
+ more.
+
+ * Let `gpgsm' ask you whether you want to insert a new root
+ certificate. To enable this feature you need to set the option
+ `allow-mark-trusted' into `gpg-agent.conf'. In general it is not
+ a good idea to do it this way. Checking whether a root
+ certificate is really trustworthy requires decisions, which casual
+ users are not up to. Thus, by default this option is not enabled.
+
+ * Manually maintain the list of trusted root certificates. For a
+ multi user installation this can be done once for all users on a
+ machine. Specific changes on a per-user base are also possible.
+
+ XXX decribe how to maintain trustlist.txt and
+/etc/gnupg/trustlist.txt.
+
+ ** How to get the ssh support running
+
+ XXX How to use the ssh support.
+
+1.1 Installation Overview
+=========================
+
+XXXX
+
+
+File: gnupg.info, Node: Invoking GPG-AGENT, Next: Invoking GPG, Prev: Installation, Up: Top
+
+2 Invoking GPG-AGENT
+********************
+
+`gpg-agent' is a daemon to manage secret (private) keys independently
+from any protocol. It is used as a backend for `gpg' and `gpgsm' as
+well as for a couple of other utilities.
+
+The usual way to run the agent is from the `~/.xsession' file:
+
+ eval $(gpg-agent --daemon)
+ If you don't use an X server, you can also put this into your regular
+startup file `~/.profile' or `.bash_profile'. It is best not to run
+multiple instance of the `gpg-agent', so you should make sure that only
+one is running: `gpg-agent' uses an environment variable to inform
+clients about the communication parameters. You can write the content
+of this environment variable to a file so that you can test for a
+running agent. Here is an example using Bourne shell syntax:
+
+ gpg-agent --daemon --enable-ssh-support \
+ --write-env-file "${HOME}/.gpg-agent-info"
+
+ This code should only be run once per user session to initially fire
+up the agent. In the example the optional support for the included
+Secure Shell agent is enabled and the information about the agent is
+written to a file in the HOME directory. Note that by running
+gpg-agent without arguments you may test whether an agent is already
+running; however such a test may lead to a race condition, thus it is
+not suggested.
+
+The second script needs to be run for each interactive session:
+
+ if [ -f "${HOME}/.gpg-agent-info" ]; then
+ . "${HOME}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+
+It reads the data out of the file and exports the variables. If you
+don't use Secure Shell, you don't need the last two export statements.
+
+You should always add the following lines to your `.bashrc' or whatever
+initialization file is used for all shell invocations:
+
+ GPG_TTY=$(tty)
+ export GPG_TTY
+
+It is important that this environment variable always reflects the
+output of the `tty' command. For W32 systems this option is not
+required.
+
+ Please make sure that a proper pinentry program has been installed
+under the default filename (which is system dependant) or use the
+option `pinentry-program' to specify the full name of that program. It
+is often useful to install a symbolic link from the actual used
+pinentry (e.g. `/usr/bin/pinentry-gtk') to the expected one (e.g.
+`/usr/bin/pinentry').
+
+*Note Option Index::,for an index to `GPG-AGENT''s commands and options.
+
+* Menu:
+
+* Agent Commands:: List of all commands.
+* Agent Options:: List of all options.
+* Agent Configuration:: Configuration files.
+* Agent Signals:: Use of some signals.
+* Agent Examples:: Some usage examples.
+* Agent Protocol:: The protocol the agent uses.
+
+
+File: gnupg.info, Node: Agent Commands, Next: Agent Options, Up: Invoking GPG-AGENT
+
+2.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+`--version'
+ Print the program version and licensing information. Note that
+ you cannot abbreviate this command.
+
+`--help'
+`-h'
+ Print a usage message summarizing the most useful command-line
+ options. Note that you cannot abbreviate this command.
+
+`--dump-options'
+ Print a list of all available options and commands. Note that you
+ cannot abbreviate this command.
+
+`--server'
+ Run in server mode and wait for commands on the `stdin'. The
+ default mode is to create a socket and listen for commands there.
+
+`--daemon [COMMAND LINE]'
+ Start the gpg-agent as a daemon; that is, detach it from the
+ console and run it in the background. Because `gpg-agent' prints
+ out important information required for further use, a common way of
+ invoking gpg-agent is: `eval $(gpg-agent --daemon)' to setup the
+ environment variables. The option `--write-env-file' is another
+ way commonly used to do this. Yet another way is creating a new
+ process as a child of gpg-agent: `gpg-agent --daemon /bin/sh'.
+ This way you get a new shell with the environment setup properly;
+ if you exit from this shell, gpg-agent terminates as well.
+
+
+File: gnupg.info, Node: Agent Options, Next: Agent Configuration, Prev: Agent Commands, Up: Invoking GPG-AGENT
+
+2.2 Option Summary
+==================
+
+`--options FILE'
+ Reads configuration from FILE instead of from the default per-user
+ configuration file. The default configuration file is named
+ `gpg-agent.conf' and expected in the `.gnupg' directory directly
+ below the home directory of the user.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`-v'
+
+`--verbose'
+ Outputs additional information while running. You can increase
+ the verbosity by giving several verbose commands to `gpgsm', such
+ as `-vv'.
+
+`-q'
+
+`--quiet'
+ Try to be as quiet as possible.
+
+`--batch'
+ Don't invoke a pinentry or do any other thing requiring human
+ interaction.
+
+`--faked-system-time EPOCH'
+ This option is only useful for testing; it sets the system time
+ back or forth to EPOCH which is the number of seconds elapsed
+ since the year 1970.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+`--debug FLAGS'
+ This option is only useful for debugging and the behaviour may
+ change at any time without notice. FLAGS are bit encoded and may
+ be given in usual C-Syntax. The currently defined bits are:
+
+ `0 (1)'
+ X.509 or OpenPGP protocol related data
+
+ `1 (2)'
+ values of big number integers
+
+ `2 (4)'
+ low level crypto operations
+
+ `5 (32)'
+ memory allocation
+
+ `6 (64)'
+ caching
+
+ `7 (128)'
+ show memory statistics.
+
+ `9 (512)'
+ write hashed data to files named `dbgmd-000*'
+
+ `10 (1024)'
+ trace Assuan protocol
+
+ `12 (4096)'
+ bypass all certificate validation
+
+`--debug-all'
+ Same as `--debug=0xffffffff'
+
+`--debug-wait N'
+ When running in server mode, wait N seconds before entering the
+ actual processing loop and print the pid. This gives time to
+ attach a debugger.
+
+`--no-detach'
+ Don't detach the process from the console. This is mainly useful
+ for debugging.
+
+`-s'
+`--sh'
+`-c'
+`--csh'
+ Format the info output in daemon mode for use with the standard
+ Bourne shell or the C-shell respectively. The default is to guess
+ it based on the environment variable `SHELL' which is correct in
+ almost all cases.
+
+`--write-env-file FILE'
+ Often it is required to connect to the agent from a process not
+ being an inferior of `gpg-agent' and thus the environment variable
+ with the socket name is not available. To help setting up those
+ variables in other sessions, this option may be used to write the
+ information into FILE. If FILE is not specified the default name
+ `${HOME}/.gpg-agent-info' will be used. The format is suitable to
+ be evaluated by a Bourne shell like in this simple example:
+
+ eval $(cat FILE)
+ eval $(cut -d= -f 1 < FILE | xargs echo export)
+
+`--no-grab'
+ Tell the pinentry not to grab the keyboard and mouse. This option
+ should in general not be used to avoid X-sniffing attacks.
+
+`--log-file FILE'
+ Append all logging output to FILE. This is very helpful in seeing
+ what the agent actually does. If neither a log file nor a log file
+ descriptor has been set on a Windows platform, the Registry entry
+ `HKCU\Software\GNU\GnuPG:DefaultLogFile', if set, is used to
+ specify the logging output.
+
+`--allow-mark-trusted'
+ Allow clients to mark keys as trusted, i.e. put them into the
+ `trustlist.txt' file. This is by default not allowed to make it
+ harder for users to inadvertently accept Root-CA keys.
+
+`--ignore-cache-for-signing'
+ This option will let `gpg-agent' bypass the passphrase cache for
+ all signing operation. Note that there is also a per-session
+ option to control this behaviour but this command line option
+ takes precedence.
+
+`--default-cache-ttl N'
+ Set the time a cache entry is valid to N seconds. The default is
+ 600 seconds.
+
+`--default-cache-ttl-ssh N'
+ Set the time a cache entry used for SSH keys is valid to N
+ seconds. The default is 1800 seconds.
+
+`--max-cache-ttl N'
+ Set the maximum time a cache entry is valid to N seconds. After
+ this time a cache entry will be expired even if it has been
+ accessed recently. The default is 2 hours (7200 seconds).
+
+`--max-cache-ttl-ssh N'
+ Set the maximum time a cache entry used for SSH keys is valid to N
+ seconds. After this time a cache entry will be expired even if it
+ has been accessed recently. The default is 2 hours (7200 seconds).
+
+`--enforce-passphrase-constraints'
+ Enforce the passphrase constraints by not allowing the user to
+ bypass them using the "Take it anyway" button.
+
+`--min-passphrase-len N'
+ Set the minimal length of a passphrase. When entering a new
+ passphrase shorter than this value a warning will be displayed.
+ Defaults to 8.
+
+`--min-passphrase-nonalpha N'
+ Set the minimal number of digits or special characters required in
+ a passphrase. When entering a new passphrase with less than this
+ number of digits or special characters a warning will be
+ displayed. Defaults to 1.
+
+`--check-passphrase-pattern FILE'
+ Check the passphrase against the pattern given in FILE. When
+ entering a new passphrase matching one of these pattern a warning
+ will be displayed. FILE should be an absolute filename. The
+ default is not to use any pattern file.
+
+ Security note: It is known that checking a passphrase against a
+ list of pattern or even against a complete dictionary is not very
+ effective to enforce good passphrases. Users will soon figure up
+ ways to bypass such a policy. A better policy is to educate users
+ on good security behavior and optionally to run a passphrase
+ cracker regularly on all users passphrases to catch the very
+ simple ones.
+
+`--max-passphrase-days N'
+ Ask the user to change the passphrase if N days have passed since
+ the last change. With `--enforce-passphrase-constraints' set the
+ user may not bypass this check.
+
+`--enable-passphrase-history'
+ This option does nothing yet.
+
+`--pinentry-program FILENAME'
+ Use program FILENAME as the PIN entry. The default is installation
+ dependent.
+
+`--pinentry-touch-file FILENAME'
+ By default the filename of the socket gpg-agent is listening for
+ requests is passed to Pinentry, so that it can touch that file
+ before exiting (it does this only in curses mode). This option
+ changes the file passed to Pinentry to FILENAME. The special name
+ `/dev/null' may be used to completely disable this feature. Note
+ that Pinentry will not create that file, it will only change the
+ modification and access time.
+
+`--scdaemon-program FILENAME'
+ Use program FILENAME as the Smartcard daemon. The default is
+ installation dependent and can be shown with the `gpgconf' command.
+
+`--disable-scdaemon'
+ Do not make use of the scdaemon tool. This option has the effect
+ of disabling the ability to do smartcard operations. Note, that
+ enabling this option at runtime does not kill an already forked
+ scdaemon.
+
+`--use-standard-socket'
+`--no-use-standard-socket'
+ By enabling this option `gpg-agent' will listen on the socket
+ named `S.gpg-agent', located in the home directory, and not create
+ a random socket below a temporary directory. Tools connecting to
+ `gpg-agent' should first try to connect to the socket given in
+ environment variable GPG_AGENT_INFO and then fall back to this
+ socket. This option may not be used if the home directory is
+ mounted on a remote file system which does not support special
+ files like fifos or sockets. Note, that `--use-standard-socket'
+ is the default on Windows systems. The default may be changed at
+ build time. It is possible to test at runtime whether the agent
+ has been configured for use with the standard socket by issuing
+ the command `gpg-agent --use-standard-socket-p' which returns
+ success if the standard socket option has been enabled.
+
+`--display STRING'
+`--ttyname STRING'
+`--ttytype STRING'
+`--lc-ctype STRING'
+`--lc-messages STRING'
+`--xauthority STRING'
+ These options are used with the server mode to pass localization
+ information.
+
+`--keep-tty'
+`--keep-display'
+ Ignore requests to change the current `tty' or X window system's
+ `DISPLAY' variable respectively. This is useful to lock the
+ pinentry to pop up at the `tty' or display you started the agent.
+
+`--enable-ssh-support'
+ Enable the OpenSSH Agent protocol.
+
+ In this mode of operation, the agent does not only implement the
+ gpg-agent protocol, but also the agent protocol used by OpenSSH
+ (through a separate socket). Consequently, it should be possible
+ to use the gpg-agent as a drop-in replacement for the well known
+ ssh-agent.
+
+ SSH Keys, which are to be used through the agent, need to be added
+ to the gpg-agent initially through the ssh-add utility. When a
+ key is added, ssh-add will ask for the password of the provided
+ key file and send the unprotected key material to the agent; this
+ causes the gpg-agent to ask for a passphrase, which is to be used
+ for encrypting the newly received key and storing it in a
+ gpg-agent specific directory.
+
+ Once a key has been added to the gpg-agent this way, the gpg-agent
+ will be ready to use the key.
+
+ Note: in case the gpg-agent receives a signature request, the user
+ might need to be prompted for a passphrase, which is necessary for
+ decrypting the stored key. Since the ssh-agent protocol does not
+ contain a mechanism for telling the agent on which
+ display/terminal it is running, gpg-agent's ssh-support will use
+ the TTY or X display where gpg-agent has been started. To switch
+ this display to the current one, the following command may be used:
+
+ gpg-connect-agent updatestartuptty /bye
+
+ Although all GnuPG components try to start the gpg-agent as
+ needed, this is not possible for the ssh support because ssh does
+ not know about it. Thus if no GnuPG tool which accesses the agent
+ has been run, there is no guarantee that ssh is abale to use
+ gpg-agent for authentication. To fix this you may start gpg-agent
+ if needed using this simple command:
+
+ gpg-connect-agent /bye
+
+ Adding the `--verbose' shows the progress of starting the agent.
+
+
+ All the long options may also be given in the configuration file
+after stripping off the two leading dashes.
+
+
+File: gnupg.info, Node: Agent Configuration, Next: Agent Signals, Prev: Agent Options, Up: Invoking GPG-AGENT
+
+2.3 Configuration
+=================
+
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(*note option --homedir::).
+
+`gpg-agent.conf'
+ This is the standard configuration file read by `gpg-agent' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This file is also read after a `SIGHUP' however only a few
+ options will actually have an effect. This default name may be
+ changed on the command line (*note option --options::). You
+ should backup this file.
+
+`trustlist.txt'
+ This is the list of trusted keys. You should backup this file.
+
+ Comment lines, indicated by a leading hash mark, as well as empty
+ lines are ignored. To mark a key as trusted you need to enter its
+ fingerprint followed by a space and a capital letter `S'. Colons
+ may optionally be used to separate the bytes of a fingerprint;
+ this allows to cut and paste the fingerprint from a key listing
+ output. If the line is prefixed with a `!' the key is
+ explicitly marked as not trusted.
+
+ Here is an example where two keys are marked as ultimately trusted
+ and one as not trusted:
+
+ # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+ A6935DD34EF3087973C706FC311AA2CCF733765B S
+
+ # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+ DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S
+
+ # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE
+ !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S
+
+ Before entering a key into this file, you need to ensure its
+ authenticity. How to do this depends on your organisation; your
+ administrator might have already entered those keys which are
+ deemed trustworthy enough into this file. Places where to look
+ for the fingerprint of a root certificate are letters received
+ from the CA or the website of the CA (after making 100% sure that
+ this is indeed the website of that CA). You may want to consider
+ allowing interactive updates of this file by using the *Note
+ option --allow-mark-trusted::. This is however not as secure as
+ maintaining this file manually. It is even advisable to change
+ the permissions to read-only so that this file can't be changed
+ inadvertently.
+
+ As a special feature a line `include-default' will include a global
+ list of trusted certificates (e.g. `/etc/gnupg/trustlist.txt').
+ This global list is also used if the local list is not available.
+
+ It is possible to add further flags after the `S' for use by the
+ caller:
+
+ `relax'
+ Relax checking of some root certificate requirements. As of
+ now this flag allows the use of root certificates with a
+ missing basicConstraints attribute (despite that it is a MUST
+ for CA certificates) and disables CRL checking for the root
+ certificate.
+
+ `cm'
+ If validation of a certificate finally issued by a CA with
+ this flag set fails, try again using the chain validation
+ model.
+
+
+`sshcontrol'
+ This file is used when support for the secure shell agent protocol
+ has been enabled (*note option --enable-ssh-support::). Only keys
+ present in this file are used in the SSH protocol. You should
+ backup this file.
+
+ The `ssh-add' tool may be used to add new entries to this file;
+ you may also add them manually. Comment lines, indicated by a
+ leading hash mark, as well as empty lines are ignored. An entry
+ starts with optional whitespace, followed by the keygrip of the
+ key given as 40 hex digits, optionally followed by the caching TTL
+ in seconds and another optional field for arbitrary flags. A
+ non-zero TTL overrides the global default as set by
+ `--default-cache-ttl-ssh'.
+
+ The only flag support is `confirm'. If this flag is found for a
+ key, each use of the key will pop up a pinentry to confirm the use
+ of that key. The flag is automatically set if a new key was
+ loaded into `gpg-agent' using the option `-c' of the `ssh-add'
+ command.
+
+ The keygrip may be prefixed with a `!' to disable an entry entry.
+
+ The following example lists exactly one key. Note that keys
+ available through a OpenPGP smartcard in the active smartcard
+ reader are implicitly added to this list; i.e. there is no need to
+ list them.
+
+ # Key added on: 2011-07-20 20:38:46
+ # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
+ 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
+
+`private-keys-v1.d/'
+ This is the directory where gpg-agent stores the private keys.
+ Each key is stored in a file with the name made up of the
+ keygrip and the suffix `key'. You should backup all files in
+ this directory and take great care to keep this backup closed
+ away.
+
+
+ Note that on larger installations, it is useful to put predefined
+files into the directory `/etc/skel/.gnupg/' so that newly created
+users start up with a working configuration. For existing users the a
+small helper script is provided to create these files (*note
+addgnupghome::).
+
+
+File: gnupg.info, Node: Agent Signals, Next: Agent Examples, Prev: Agent Configuration, Up: Invoking GPG-AGENT
+
+2.4 Use of some signals.
+========================
+
+A running `gpg-agent' may be controlled by signals, i.e. using the
+`kill' command to send a signal to the process.
+
+ Here is a list of supported signals:
+
+`SIGHUP'
+ This signal flushes all cached passphrases and if the program has
+ been started with a configuration file, the configuration file is
+ read again. Only certain options are honored: `quiet', `verbose',
+ `debug', `debug-all', `debug-level', `no-grab',
+ `pinentry-program', `default-cache-ttl', `max-cache-ttl',
+ `ignore-cache-for-signing', `allow-mark-trusted' and
+ `disable-scdaemon'. `scdaemon-program' is also supported but due
+ to the current implementation, which calls the scdaemon only once,
+ it is not of much use unless you manually kill the scdaemon.
+
+`SIGTERM'
+ Shuts down the process but waits until all current requests are
+ fulfilled. If the process has received 3 of these signals and
+ requests are still pending, a shutdown is forced.
+
+`SIGINT'
+ Shuts down the process immediately.
+
+`SIGUSR1'
+ Dump internal information to the log file.
+
+`SIGUSR2'
+ This signal is used for internal purposes.
+
+
+
+File: gnupg.info, Node: Agent Examples, Next: Agent Protocol, Prev: Agent Signals, Up: Invoking GPG-AGENT
+
+2.5 Examples
+============
+
+The usual way to invoke `gpg-agent' is
+
+ $ eval $(gpg-agent --daemon)
+
+ An alternative way is by replacing `ssh-agent' with `gpg-agent'. If
+for example `ssh-agent' is started as part of the Xsession
+initialization, you may simply replace `ssh-agent' by a script like:
+
+ #!/bin/sh
+
+ exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
+ --write-env-file ${HOME}/.gpg-agent-info "$@"
+
+and add something like (for Bourne shells)
+
+ if [ -f "${HOME}/.gpg-agent-info" ]; then
+ . "${HOME}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+
+to your shell initialization file (e.g. `~/.bashrc').
+
+
+File: gnupg.info, Node: Agent Protocol, Prev: Agent Examples, Up: Invoking GPG-AGENT
+
+2.6 Agent's Assuan Protocol
+===========================
+
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
+ The `gpg-agent' should be started by the login shell and set an
+environment variable to tell clients about the socket to be used.
+Clients should deny to access an agent with a socket name which does
+not match its own configuration. An application may choose to start an
+instance of the gpgagent if it does not figure that any has been
+started; it should not do this if a gpgagent is running but not usable.
+Because `gpg-agent' can only be used in background mode, no special
+command line option is required to activate the use of the protocol.
+
+ To identify a key we use a thing called keygrip which is the SHA-1
+hash of an canonical encoded S-Expression of the public key as used in
+Libgcrypt. For the purpose of this interface the keygrip is given as a
+hex string. The advantage of using this and not the hash of a
+certificate is that it will be possible to use the same keypair for
+different protocols, thereby saving space on the token used to keep the
+secret keys.
+
+* Menu:
+
+* Agent PKDECRYPT:: Decrypting a session key
+* Agent PKSIGN:: Signing a Hash
+* Agent GENKEY:: Generating a Key
+* Agent IMPORT:: Importing a Secret Key
+* Agent EXPORT:: Exporting a Secret Key
+* Agent ISTRUSTED:: Importing a Root Certificate
+* Agent GET_PASSPHRASE:: Ask for a passphrase
+* Agent GET_CONFIRMATION:: Ask for confirmation
+* Agent HAVEKEY:: Check whether a key is available
+* Agent LEARN:: Register a smartcard
+* Agent PASSWD:: Change a Passphrase
+* Agent UPDATESTARTUPTTY:: Change the Standard Display
+* Agent GETEVENTCOUNTER:: Get the Event Counters
+* Agent GETINFO:: Return information about the process
+* Agent OPTION:: Set options for the session
+
+
+File: gnupg.info, Node: Agent PKDECRYPT, Next: Agent PKSIGN, Up: Agent Protocol
+
+2.6.1 Decrypting a session key
+------------------------------
+
+The client asks the server to decrypt a session key. The encrypted
+session key should have all information needed to select the
+appropriate secret key or to delegate it to a smartcard.
+
+ SETKEY <keyGrip>
+
+ Tell the server about the key to be used for decryption. If this is
+not used, `gpg-agent' may try to figure out the key by trying to
+decrypt the message with each key available.
+
+ PKDECRYPT
+
+ The agent checks whether this command is allowed and then does an
+INQUIRY to get the ciphertext the client should then send the cipher
+text.
+
+ S: INQUIRE CIPHERTEXT
+ C: D (xxxxxx
+ C: D xxxx)
+ C: END
+
+ Please note that the server may send status info lines while reading
+the data lines from the client. The data send is a SPKI like S-Exp with
+this structure:
+
+ (enc-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+
+ Where algo is a string with the name of the algorithm; see the
+libgcrypt documentation for a list of valid algorithms. The number and
+names of the parameters depend on the algorithm. The agent does return
+an error if there is an inconsistency.
+
+ If the decryption was successful the decrypted data is returned by
+means of "D" lines.
+
+ Here is an example session:
+
+ C: PKDECRYPT
+ S: INQUIRE CIPHERTEXT
+ C: D (enc-val elg (a 349324324)
+ C: D (b 3F444677CA)))
+ C: END
+ S: # session key follows
+ S: D (value 1234567890ABCDEF0)
+ S: OK descryption successful
+
+
+File: gnupg.info, Node: Agent PKSIGN, Next: Agent GENKEY, Prev: Agent PKDECRYPT, Up: Agent Protocol
+
+2.6.2 Signing a Hash
+--------------------
+
+The client ask the agent to sign a given hash value. A default key
+will be chosen if no key has been set. To set a key a client first
+uses:
+
+ SIGKEY <keyGrip>
+
+ This can be used multiple times to create multiple signature, the
+list of keys is reset with the next PKSIGN command or a RESET. The
+server test whether the key is a valid key to sign something and
+responds with okay.
+
+ SETHASH --hash=<name>|<algo> <hexstring>
+
+ The client can use this command to tell the server about the data
+<hexstring> (which usually is a hash) to be signed. <algo> is the
+decimal encoded hash algorithm number as used by Libgcrypt. Either
+<algo> or -hash=<name> must be given. Valid names for <name> are:
+
+`sha1'
+
+`sha256'
+
+`rmd160'
+
+`md5'
+
+`tls-md5sha1'
+
+The actual signing is done using
+
+ PKSIGN <options>
+
+ Options are not yet defined, but my later be used to choose among
+different algorithms. The agent does then some checks, asks for the
+passphrase and as a result the server returns the signature as an SPKI
+like S-expression in "D" lines:
+
+ (sig-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+
+ The operation is affected by the option
+
+ OPTION use-cache-for-signing=0|1
+
+ The default of `1' uses the cache. Setting this option to `0' will
+lead `gpg-agent' to ignore the passphrase cache. Note, that there is
+also a global command line option for `gpg-agent' to globally disable
+the caching.
+
+ Here is an example session:
+
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: PKSIGN
+ S: # I did ask the user whether he really wants to sign
+ S: # I did ask the user for the passphrase
+ S: INQUIRE HASHVAL
+ C: D ABCDEF012345678901234
+ C: END
+ S: # signature follows
+ S: D (sig-val rsa (s 45435453654612121212))
+ S: OK
+
+
+File: gnupg.info, Node: Agent GENKEY, Next: Agent IMPORT, Prev: Agent PKSIGN, Up: Agent Protocol
+
+2.6.3 Generating a Key
+----------------------
+
+This is used to create a new keypair and store the secret key inside the
+active PSE -- which is in most cases a Soft-PSE. An not yet defined
+option allows to choose the storage location. To get the secret key out
+of the PSE, a special export tool has to be used.
+
+ GENKEY
+
+ Invokes the key generation process and the server will then inquire
+on the generation parameters, like:
+
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+
+ The format of the key parameters which depends on the algorithm is of
+the form:
+
+ (genkey
+ (algo
+ (parameter_name_1 ....)
+ ....
+ (parameter_name_n ....)))
+
+ If everything succeeds, the server returns the *public key* in a SPKI
+like S-Expression like this:
+
+ (public-key
+ (rsa
+ (n <mpi>)
+ (e <mpi>)))
+
+ Here is an example session:
+
+ C: GENKEY
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+ S: D (public-key
+ S: D (rsa (n 326487324683264) (e 10001)))
+ S OK key created
+
+
+File: gnupg.info, Node: Agent IMPORT, Next: Agent EXPORT, Prev: Agent GENKEY, Up: Agent Protocol
+
+2.6.4 Importing a Secret Key
+----------------------------
+
+This operation is not yet supported by GpgAgent. Specialized tools are
+to be used for this.
+
+ There is no actual need because we can expect that secret keys
+created by a 3rd party are stored on a smartcard. If we have generated
+the key ourself, we do not need to import it.
+
+
+File: gnupg.info, Node: Agent EXPORT, Next: Agent ISTRUSTED, Prev: Agent IMPORT, Up: Agent Protocol
+
+2.6.5 Export a Secret Key
+-------------------------
+
+Not implemented.
+
+ Should be done by an extra tool.
+
+
+File: gnupg.info, Node: Agent ISTRUSTED, Next: Agent GET_PASSPHRASE, Prev: Agent EXPORT, Up: Agent Protocol
+
+2.6.6 Importing a Root Certificate
+----------------------------------
+
+Actually we do not import a Root Cert but provide a way to validate any
+piece of data by storing its Hash along with a description and an
+identifier in the PSE. Here is the interface description:
+
+ ISTRUSTED <fingerprint>
+
+ Check whether the OpenPGP primary key or the X.509 certificate with
+the given fingerprint is an ultimately trusted key or a trusted Root CA
+certificate. The fingerprint should be given as a hexstring (without
+any blanks or colons or whatever in between) and may be left padded with
+00 in case of an MD5 fingerprint. GPGAgent will answer with:
+
+ OK
+
+ The key is in the table of trusted keys.
+
+ ERR 304 (Not Trusted)
+
+ The key is not in this table.
+
+ Gpg needs the entire list of trusted keys to maintain the web of
+trust; the following command is therefore quite helpful:
+
+ LISTTRUSTED
+
+ GpgAgent returns a list of trusted keys line by line:
+
+ S: D 000000001234454556565656677878AF2F1ECCFF P
+ S: D 340387563485634856435645634856438576457A P
+ S: D FEDC6532453745367FD83474357495743757435D S
+ S: OK
+
+ The first item on a line is the hexified fingerprint where MD5
+fingerprints are `00' padded to the left and the second item is a flag
+to indicate the type of key (so that gpg is able to only take care of
+PGP keys). P = OpenPGP, S = S/MIME. A client should ignore the rest
+of the line, so that we can extend the format in the future.
+
+ Finally a client should be able to mark a key as trusted:
+
+ MARKTRUSTED FINGERPRINT "P"|"S"
+
+ The server will then pop up a window to ask the user whether she
+really trusts this key. For this it will probably ask for a text to be
+displayed like this:
+
+ S: INQUIRE TRUSTDESC
+ C: D Do you trust the key with the fingerprint @FPR@
+ C: D bla fasel blurb.
+ C: END
+ S: OK
+
+ Known sequences with the pattern @foo@ are replaced according to this
+table:
+
+`@FPR16@'
+ Format the fingerprint according to gpg rules for a v3 keys.
+
+`@FPR20@'
+ Format the fingerprint according to gpg rules for a v4 keys.
+
+`@FPR@'
+ Choose an appropriate format to format the fingerprint.
+
+`@@'
+ Replaced by a single `@'
+
+
+File: gnupg.info, Node: Agent GET_PASSPHRASE, Next: Agent GET_CONFIRMATION, Prev: Agent ISTRUSTED, Up: Agent Protocol
+
+2.6.7 Ask for a passphrase
+--------------------------
+
+This function is usually used to ask for a passphrase to be used for
+conventional encryption, but may also be used by programs which need
+special handling of passphrases. This command uses a syntax which helps
+clients to use the agent with minimum effort.
+
+ GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] CACHE_ID [ERROR_MESSAGE PROMPT DESCRIPTION]
+
+ CACHE_ID is expected to be a string used to identify a cached
+passphrase. Use a `X' to bypass the cache. With no other arguments
+the agent returns a cached passphrase or an error. By convention
+either the hexified fingerprint of the key shall be used for CACHE_ID
+or an arbitrary string prefixed with the name of the calling
+application and a colon: Like `gpg:somestring'.
+
+ ERROR_MESSAGE is either a single `X' for no error message or a
+string to be shown as an error message like (e.g. "invalid
+passphrase"). Blanks must be percent escaped or replaced by `+''.
+
+ PROMPT is either a single `X' for a default prompt or the text to be
+shown as the prompt. Blanks must be percent escaped or replaced by `+'.
+
+ DESCRIPTION is a text shown above the entry field. Blanks must be
+percent escaped or replaced by `+'.
+
+ The agent either returns with an error or with a OK followed by the
+hex encoded passphrase. Note that the length of the strings is
+implicitly limited by the maximum length of a command. If the option
+`--data' is used, the passphrase is not returned on the OK line but by
+regular data lines; this is the preferred method.
+
+ If the option `--check' is used, the standard passphrase constraints
+checks are applied. A check is not done if the passphrase has been
+found in the cache.
+
+ If the option `--no-ask' is used and the passphrase is not in the
+cache the user will not be asked to enter a passphrase but the error
+code `GPG_ERR_NO_DATA' is returned.
+
+ If the option `--qualitybar' is used and a minimum passphrase length
+has been configured, a visual indication of the entered passphrase
+quality is shown.
+
+ CLEAR_PASSPHRASE CACHE_ID
+
+ may be used to invalidate the cache entry for a passphrase. The
+function returns with OK even when there is no cached passphrase.
+
+
+File: gnupg.info, Node: Agent GET_CONFIRMATION, Next: Agent HAVEKEY, Prev: Agent GET_PASSPHRASE, Up: Agent Protocol
+
+2.6.8 Ask for confirmation
+--------------------------
+
+This command may be used to ask for a simple confirmation by presenting
+a text and 2 buttons: Okay and Cancel.
+
+ GET_CONFIRMATION DESCRIPTION
+
+ DESCRIPTIONis displayed along with a Okay and Cancel button. Blanks
+must be percent escaped or replaced by `+'. A `X' may be used to
+display confirmation dialog with a default text.
+
+ The agent either returns with an error or with a OK. Note, that the
+length of DESCRIPTION is implicitly limited by the maximum length of a
+command.
+
+
+File: gnupg.info, Node: Agent HAVEKEY, Next: Agent LEARN, Prev: Agent GET_CONFIRMATION, Up: Agent Protocol
+
+2.6.9 Check whether a key is available
+--------------------------------------
+
+This can be used to see whether a secret key is available. It does not
+return any information on whether the key is somehow protected.
+
+ HAVEKEY KEYGRIPS
+
+ The agent answers either with OK or `No_Secret_Key' (208). The
+caller may want to check for other error codes as well. More than one
+keygrip may be given. In this case the command returns success if at
+least one of the keygrips corresponds to an available secret key.
+
+
+File: gnupg.info, Node: Agent LEARN, Next: Agent PASSWD, Prev: Agent HAVEKEY, Up: Agent Protocol
+
+2.6.10 Register a smartcard
+---------------------------
+
+ LEARN [--send]
+
+ This command is used to register a smartcard. With the -send option
+given the certificates are send back.
+
+
+File: gnupg.info, Node: Agent PASSWD, Next: Agent UPDATESTARTUPTTY, Prev: Agent LEARN, Up: Agent Protocol
+
+2.6.11 Change a Passphrase
+--------------------------
+
+ PASSWD KEYGRIP
+
+ This command is used to interactively change the passphrase of the
+key identified by the hex string KEYGRIP.
+
+
+File: gnupg.info, Node: Agent UPDATESTARTUPTTY, Next: Agent GETEVENTCOUNTER, Prev: Agent PASSWD, Up: Agent Protocol
+
+2.6.12 Change the standard display
+----------------------------------
+
+ UPDATESTARTUPTTY
+
+ Set the startup TTY and X-DISPLAY variables to the values of this
+session. This command is useful to direct future pinentry invocations
+to another screen. It is only required because there is no way in the
+ssh-agent protocol to convey this information.
+
+
+File: gnupg.info, Node: Agent GETEVENTCOUNTER, Next: Agent GETINFO, Prev: Agent UPDATESTARTUPTTY, Up: Agent Protocol
+
+2.6.13 Get the Event Counters
+-----------------------------
+
+ GETEVENTCOUNTER
+
+ This function return one status line with the current values of the
+event counters. The event counters are useful to avoid polling by
+delaying a poll until something has changed. The values are decimal
+numbers in the range `0' to `UINT_MAX' and wrapping around to 0. The
+actual values should not be relied upon; they shall only be used to
+detect a change.
+
+ The currently defined counters are are:
+`ANY'
+ Incremented with any change of any of the other counters.
+
+`KEY'
+ Incremented for added or removed private keys.
+
+`CARD'
+ Incremented for changes of the card readers stati.
+
+
+File: gnupg.info, Node: Agent GETINFO, Next: Agent OPTION, Prev: Agent GETEVENTCOUNTER, Up: Agent Protocol
+
+2.6.14 Return information about the process
+-------------------------------------------
+
+This is a multipurpose function to return a variety of information.
+
+ GETINFO WHAT
+
+ The value of WHAT specifies the kind of information returned:
+`version'
+ Return the version of the program.
+
+`pid'
+ Return the process id of the process.
+
+`socket_name'
+ Return the name of the socket used to connect the agent.
+
+`ssh_socket_name'
+ Return the name of the socket used for SSH connections. If SSH
+ support has not been enabled the error `GPG_ERR_NO_DATA' will be
+ returned.
+
+
+File: gnupg.info, Node: Agent OPTION, Prev: Agent GETINFO, Up: Agent Protocol
+
+2.6.15 Set options for the session
+----------------------------------
+
+Here is a list of session options which are not yet described with
+other commands. The general syntax for an Assuan option is:
+
+ OPTION KEY=VALUE
+
+Supported KEYs are:
+
+`agent-awareness'
+ This may be used to tell gpg-agent of which gpg-agent version the
+ client is aware of. gpg-agent uses this information to enable
+ features which might break older clients.
+
+`putenv'
+ Change the session's environment to be used for the Pinentry.
+ Valid values are:
+
+ `NAME'
+ Delete envvar NAME
+
+ `NAME='
+ Set envvar NAME to the empty string
+
+ `NAME=VALUE'
+ Set envvar NAME to the string VALUE.
+
+`use-cache-for-signing'
+ See Assuan command `PKSIGN'.
+
+`allow-pinentry-notify'
+ This does not need any value. It is used to enable the
+ PINENTRY_LAUNCHED inquiry.
+
+
+
+File: gnupg.info, Node: Invoking GPG, Next: Invoking GPGSM, Prev: Invoking GPG-AGENT, Up: Top
+
+3 Invoking GPG
+**************
+
+`gpg2' is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a
+tool to provide digital encryption and signing services using the
+OpenPGP standard. `gpg2' features complete key management and all bells
+and whistles you can expect from a decent OpenPGP implementation.
+
+ In contrast to the standalone version `gpg', which is more suited
+for server and embedded platforms, this version is commonly installed
+under the name `gpg2' and more targeted to the desktop as it requires
+several other modules to be installed. The standalone version will be
+kept maintained and it is possible to install both versions on the same
+system. If you need to use different configuration files, you should
+make use of something like `gpg.conf-2' instead of just `gpg.conf'.
+
+ Documentation for the old standard `gpg' is available as a man page
+and at *note GnuPG 1: (gpg)Top.
+
+ *Note Option Index::, for an index to `gpg2''s commands and options.
+
+* Menu:
+
+* GPG Commands:: List of all commands.
+* GPG Options:: List of all options.
+* GPG Configuration:: Configuration files.
+* GPG Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage of GPG:: Using `gpg' from other programs.
+
+
+File: gnupg.info, Node: GPG Commands, Next: GPG Options, Up: Invoking GPG
+
+3.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+ `gpg2' may be run with no commands, in which case it will perform a
+reasonable action depending on the type of file it is given as input
+(an encrypted message is decrypted, a signature is verified, a file
+containing keys is listed).
+
+ Please remember that option as well as command parsing stops as soon
+as a non-option is encountered, you can explicitly stop parsing by
+using the special option `--'.
+
+* Menu:
+
+* General GPG Commands:: Commands not specific to the functionality.
+* Operational GPG Commands:: Commands to select the type of operation.
+* OpenPGP Key Management:: How to manage your keys.
+
+
+File: gnupg.info, Node: General GPG Commands, Next: Operational GPG Commands, Up: GPG Commands
+
+3.1.1 Commands not specific to the function
+-------------------------------------------
+
+`--version'
+ Print the program version and licensing information. Note that you
+ cannot abbreviate this command.
+
+`--help'
+`-h'
+ Print a usage message summarizing the most useful command line
+ options. Note that you cannot abbreviate this command.
+
+`--warranty'
+ Print warranty information.
+
+`--dump-options'
+ Print a list of all available options and commands. Note that you
+ cannot abbreviate this command.
+
+
+File: gnupg.info, Node: Operational GPG Commands, Next: OpenPGP Key Management, Prev: General GPG Commands, Up: GPG Commands
+
+3.1.2 Commands to select the type of operation
+----------------------------------------------
+
+`--sign'
+`-s'
+ Make a signature. This command may be combined with `--encrypt'
+ (for a signed and encrypted message), `--symmetric' (for a signed
+ and symmetrically encrypted message), or `--encrypt' and
+ `--symmetric' together (for a signed message that may be decrypted
+ via a secret key or a passphrase). The key to be used for signing
+ is chosen by default or can be set with the `--local-user' and
+ `--default-key' options.
+
+`--clearsign'
+ Make a clear text signature. The content in a clear text
+ signature is readable without any special software. OpenPGP
+ software is only needed to verify the signature. Clear text
+ signatures may modify end-of-line whitespace for platform
+ independence and are not intended to be reversible. The key to be
+ used for signing is chosen by default or can be set with the
+ `--local-user' and `--default-key' options.
+
+`--detach-sign'
+`-b'
+ Make a detached signature.
+
+`--encrypt'
+`-e'
+ Encrypt data. This option may be combined with `--sign' (for a
+ signed and encrypted message), `--symmetric' (for a message that
+ may be decrypted via a secret key or a passphrase), or `--sign'
+ and `--symmetric' together (for a signed message that may be
+ decrypted via a secret key or a passphrase).
+
+`--symmetric'
+`-c'
+ Encrypt with a symmetric cipher using a passphrase. The default
+ symmetric cipher used is CAST5, but may be chosen with the
+ `--cipher-algo' option. This option may be combined with `--sign'
+ (for a signed and symmetrically encrypted message), `--encrypt'
+ (for a message that may be decrypted via a secret key or a
+ passphrase), or `--sign' and `--encrypt' together (for a signed
+ message that may be decrypted via a secret key or a passphrase).
+
+`--store'
+ Store only (make a simple RFC1991 literal data packet).
+
+`--decrypt'
+`-d'
+ Decrypt the file given on the command line (or STDIN if no file is
+ specified) and write it to STDOUT (or the file specified with
+ `--output'). If the decrypted file is signed, the signature is also
+ verified. This command differs from the default operation, as it
+ never writes to the filename which is included in the file and it
+ rejects files which don't begin with an encrypted message.
+
+`--verify'
+ Assume that the first argument is a signed file or a detached
+ signature and verify it without generating any output. With no
+ arguments, the signature packet is read from STDIN. If only a
+ sigfile is given, it may be a complete signature or a detached
+ signature, in which case the signed stuff is expected in a file
+ without the ".sig" or ".asc" extension. With more than 1
+ argument, the first should be a detached signature and the
+ remaining files are the signed stuff. To read the signed stuff
+ from STDIN, use `-' as the second filename. For security reasons
+ a detached signature cannot read the signed material from STDIN
+ without denoting it in the above way.
+
+`--multifile'
+ This modifies certain other commands to accept multiple files for
+ processing on the command line or read from STDIN with each
+ filename on a separate line. This allows for many files to be
+ processed at once. `--multifile' may currently be used along with
+ `--verify', `--encrypt', and `--decrypt'. Note that `--multifile
+ --verify' may not be used with detached signatures.
+
+`--verify-files'
+ Identical to `--multifile --verify'.
+
+`--encrypt-files'
+ Identical to `--multifile --encrypt'.
+
+`--decrypt-files'
+ Identical to `--multifile --decrypt'.
+
+`--list-keys'
+`-k'
+`--list-public-keys'
+ List all keys from the public keyrings, or just the keys given on
+ the command line.
+
+ Avoid using the output of this command in scripts or other
+ programs as it is likely to change as GnuPG changes. See
+ `--with-colons' for a machine-parseable key listing command that
+ is appropriate for use in scripts and other programs.
+
+`--list-secret-keys'
+`-K'
+ List all keys from the secret keyrings, or just the ones given on
+ the command line. A `#' after the letters `sec' means that the
+ secret key is not usable (for example, if it was created via
+ `--export-secret-subkeys').
+
+`--list-sigs'
+ Same as `--list-keys', but the signatures are listed too. This
+ command has the same effect as using `--list-keys' with
+ `--with-sig-list'.
+
+ For each signature listed, there are several flags in between the
+ "sig" tag and keyid. These flags give additional information about
+ each signature. From left to right, they are the numbers 1-3 for
+ certificate check level (see `--ask-cert-level'), "L" for a local
+ or non-exportable signature (see `--lsign-key'), "R" for a
+ nonRevocable signature (see the `--edit-key' command "nrsign"),
+ "P" for a signature that contains a policy URL (see
+ `--cert-policy-url'), "N" for a signature that contains a notation
+ (see `--cert-notation'), "X" for an eXpired signature (see
+ `--ask-cert-expire'), and the numbers 1-9 or "T" for 10 and above
+ to indicate trust signature levels (see the `--edit-key' command
+ "tsign").
+
+`--check-sigs'
+ Same as `--list-sigs', but the signatures are verified. Note that
+ for performance reasons the revocation status of a signing key is
+ not shown. This command has the same effect as using
+ `--list-keys' with `--with-sig-check'.
+
+ The status of the verification is indicated by a flag directly
+ following the "sig" tag (and thus before the flags described above
+ for `--list-sigs'). A "!" indicates that the signature has been
+ successfully verified, a "-" denotes a bad signature and a "%" is
+ used if an error occurred while checking the signature (e.g. a non
+ supported algorithm).
+
+`--locate-keys'
+ Locate the keys given as arguments. This command basically uses
+ the same algorithm as used when locating keys for encryption or
+ signing and may thus be used to see what keys `gpg2' might use. In
+ particular external methods as defined by `--auto-key-locate' may
+ be used to locate a key. Only public keys are listed.
+
+`--fingerprint'
+ List all keys (or the specified ones) along with their
+ fingerprints. This is the same output as `--list-keys' but with
+ the additional output of a line with the fingerprint. May also be
+ combined with `--list-sigs' or `--check-sigs'. If this command is
+ given twice, the fingerprints of all secondary keys are listed too.
+
+`--list-packets'
+ List only the sequence of packets. This is mainly useful for
+ debugging.
+
+`--card-edit'
+ Present a menu to work with a smartcard. The subcommand "help"
+ provides an overview on available commands. For a detailed
+ description, please see the Card HOWTO at
+ http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
+
+`--card-status'
+ Show the content of the smart card.
+
+`--change-pin'
+ Present a menu to allow changing the PIN of a smartcard. This
+ functionality is also available as the subcommand "passwd" with the
+ `--card-edit' command.
+
+`--delete-key `name''
+ Remove key from the public keyring. In batch mode either `--yes' is
+ required or the key must be specified by fingerprint. This is a
+ safeguard against accidental deletion of multiple keys.
+
+`--delete-secret-key `name''
+ Remove key from the secret and public keyring. In batch mode the
+ key must be specified by fingerprint.
+
+`--delete-secret-and-public-key `name''
+ Same as `--delete-key', but if a secret key exists, it will be
+ removed first. In batch mode the key must be specified by
+ fingerprint.
+
+`--export'
+ Either export all keys from all keyrings (default keyrings and
+ those registered via option `--keyring'), or if at least one name
+ is given, those of the given name. The new keyring is written to
+ STDOUT or to the file given with option `--output'. Use together
+ with `--armor' to mail those keys.
+
+`--send-keys `key IDs''
+ Similar to `--export' but sends the keys to a keyserver.
+ Fingerprints may be used instead of key IDs. Option `--keyserver'
+ must be used to give the name of this keyserver. Don't send your
+ complete keyring to a keyserver -- select only those keys which
+ are new or changed by you. If no key IDs are given, `gpg' does
+ nothing.
+
+`--export-secret-keys'
+`--export-secret-subkeys'
+ Same as `--export', but exports the secret keys instead. This is
+ normally not very useful and a security risk. The second form of
+ the command has the special property to render the secret part of
+ the primary key useless; this is a GNU extension to OpenPGP and
+ other implementations can not be expected to successfully import
+ such a key. See the option `--simple-sk-checksum' if you want to
+ import such an exported key with an older OpenPGP implementation.
+
+`--import'
+`--fast-import'
+ Import/merge keys. This adds the given keys to the keyring. The
+ fast version is currently just a synonym.
+
+ There are a few other options which control how this command works.
+ Most notable here is the `--import-options merge-only' option
+ which does not insert new keys but does only the merging of new
+ signatures, user-IDs and subkeys.
+
+`--recv-keys `key IDs''
+ Import the keys with the given key IDs from a keyserver. Option
+ `--keyserver' must be used to give the name of this keyserver.
+
+`--refresh-keys'
+ Request updates from a keyserver for keys that already exist on the
+ local keyring. This is useful for updating a key with the latest
+ signatures, user IDs, etc. Calling this with no arguments will
+ refresh the entire keyring. Option `--keyserver' must be used to
+ give the name of the keyserver for all keys that do not have
+ preferred keyservers set (see `--keyserver-options
+ honor-keyserver-url').
+
+`--search-keys `names''
+ Search the keyserver for the given names. Multiple names given
+ here will be joined together to create the search string for the
+ keyserver. Option `--keyserver' must be used to give the name of
+ this keyserver. Keyservers that support different search methods
+ allow using the syntax specified in "How to specify a user ID"
+ below. Note that different keyserver types support different
+ search methods. Currently only LDAP supports them all.
+
+`--fetch-keys `URIs''
+ Retrieve keys located at the specified URIs. Note that different
+ installations of GnuPG may support different protocols (HTTP, FTP,
+ LDAP, etc.)
+
+`--update-trustdb'
+ Do trust database maintenance. This command iterates over all keys
+ and builds the Web of Trust. This is an interactive command
+ because it may have to ask for the "ownertrust" values for keys.
+ The user has to give an estimation of how far she trusts the owner
+ of the displayed key to correctly certify (sign) other keys. GnuPG
+ only asks for the ownertrust value if it has not yet been assigned
+ to a key. Using the `--edit-key' menu, the assigned value can be
+ changed at any time.
+
+`--check-trustdb'
+ Do trust database maintenance without user interaction. From time
+ to time the trust database must be updated so that expired keys or
+ signatures and the resulting changes in the Web of Trust can be
+ tracked. Normally, GnuPG will calculate when this is required and
+ do it automatically unless `--no-auto-check-trustdb' is set. This
+ command can be used to force a trust database check at any time.
+ The processing is identical to that of `--update-trustdb' but it
+ skips keys with a not yet defined "ownertrust".
+
+ For use with cron jobs, this command can be used together with
+ `--batch' in which case the trust database check is done only if a
+ check is needed. To force a run even in batch mode add the option
+ `--yes'.
+
+`--export-ownertrust'
+ Send the ownertrust values to STDOUT. This is useful for backup
+ purposes as these values are the only ones which can't be
+ re-created from a corrupted trustdb. Example:
+ gpg2 --export-ownertrust > otrust.txt
+
+`--import-ownertrust'
+ Update the trustdb with the ownertrust values stored in `files' (or
+ STDIN if not given); existing values will be overwritten. In case
+ of a severely damaged trustdb and if you have a recent backup of
+ the ownertrust values (e.g. in the file `otrust.txt', you may
+ re-create the trustdb using these commands:
+ cd ~/.gnupg
+ rm trustdb.gpg
+ gpg2 --import-ownertrust < otrust.txt
+
+`--rebuild-keydb-caches'
+ When updating from version 1.0.6 to 1.0.7 this command should be
+ used to create signature caches in the keyring. It might be handy
+ in other situations too.
+
+`--print-md `algo''
+`--print-mds'
+ Print message digest of algorithm ALGO for all given files or
+ STDIN. With the second form (or a deprecated "*" as algo) digests
+ for all available algorithms are printed.
+
+`--gen-random `0|1|2' `count''
+ Emit COUNT random bytes of the given quality level 0, 1 or 2. If
+ COUNT is not given or zero, an endless sequence of random bytes
+ will be emitted. If used with `--armor' the output will be base64
+ encoded. PLEASE, don't use this command unless you know what you
+ are doing; it may remove precious entropy from the system!
+
+`--gen-prime `mode' `bits''
+ Use the source, Luke :-). The output format is still subject to
+ change.
+
+`--enarmor'
+
+`--dearmor'
+ Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
+ This is a GnuPG extension to OpenPGP and in general not very
+ useful.
+
+
+
+File: gnupg.info, Node: OpenPGP Key Management, Prev: Operational GPG Commands, Up: GPG Commands
+
+3.1.3 How to manage your keys
+-----------------------------
+
+This section explains the main commands for key management
+
+`--gen-key'
+ Generate a new key pair. This command is normally only used
+ interactively.
+
+ There is an experimental feature which allows you to create keys in
+ batch mode. See the file `doc/DETAILS' in the source distribution
+ on how to use this.
+
+`--gen-revoke `name''
+ Generate a revocation certificate for the complete key. To revoke
+ a subkey or a signature, use the `--edit' command.
+
+`--desig-revoke `name''
+ Generate a designated revocation certificate for a key. This
+ allows a user (with the permission of the keyholder) to revoke
+ someone else's key.
+
+`--edit-key'
+ Present a menu which enables you to do most of the key management
+ related tasks. It expects the specification of a key on the
+ command line.
+
+ uid `n'
+ Toggle selection of user ID or photographic user ID with
+ index `n'. Use `*' to select all and `0' to deselect all.
+
+ key `n'
+ Toggle selection of subkey with index `n'. Use `*' to
+ select all and `0' to deselect all.
+
+ sign
+ Make a signature on key of user `name' If the key is not yet
+ signed by the default user (or the users given with -u), the
+ program displays the information of the key again, together
+ with its fingerprint and asks whether it should be signed.
+ This question is repeated for all users specified with -u.
+
+ lsign
+ Same as "sign" but the signature is marked as non-exportable
+ and will therefore never be used by others. This may be
+ used to make keys valid only in the local environment.
+
+ nrsign
+ Same as "sign" but the signature is marked as non-revocable
+ and can therefore never be revoked.
+
+ tsign
+ Make a trust signature. This is a signature that combines the
+ notions of certification (like a regular signature), and
+ trust (like the "trust" command). It is generally only
+ useful in distinct communities or groups.
+
+ Note that "l" (for local / non-exportable), "nr" (for
+ non-revocable, and "t" (for trust) may be freely mixed and
+ prefixed to "sign" to create a signature of any type desired.
+
+ delsig
+ Delete a signature. Note that it is not possible to retract a
+ signature, once it has been send to the public (i.e. to a
+ keyserver). In that case you better use `revsig'.
+
+ revsig
+ Revoke a signature. For every signature which has been
+ generated by one of the secret keys, GnuPG asks whether a
+ revocation certificate should be generated.
+
+ check
+ Check the signatures on all selected user IDs.
+
+ adduid
+ Create an additional user ID.
+
+ addphoto
+ Create a photographic user ID. This will prompt for a JPEG
+ file that will be embedded into the user ID. Note that a
+ very large JPEG will make for a very large key. Also note
+ that some programs will display your JPEG unchanged
+ (GnuPG), and some programs will scale it to fit in a dialog
+ box (PGP).
+
+ showphoto
+ Display the selected photographic user ID.
+
+ deluid
+ Delete a user ID or photographic user ID. Note that it is not
+ possible to retract a user id, once it has been send to the
+ public (i.e. to a keyserver). In that case you better use
+ `revuid'.
+
+ revuid
+ Revoke a user ID or photographic user ID.
+
+ primary
+ Flag the current user id as the primary one, removes the
+ primary user id flag from all other user ids and sets the
+ timestamp of all affected self-signatures one second ahead.
+ Note that setting a photo user ID as primary makes it
+ primary over other photo user IDs, and setting a regular
+ user ID as primary makes it primary over other regular user
+ IDs.
+
+ keyserver
+ Set a preferred keyserver for the specified user ID(s). This
+ allows other users to know where you prefer they get your
+ key from. See `--keyserver-options honor-keyserver-url' for
+ more on how this works. Setting a value of "none" removes
+ an existing preferred keyserver.
+
+ notation
+ Set a name=value notation for the specified user ID(s). See
+ `--cert-notation' for more on how this works. Setting a value
+ of "none" removes all notations, setting a notation
+ prefixed with a minus sign (-) removes that notation, and
+ setting a notation name (without the =value) prefixed with
+ a minus sign removes all notations with that name.
+
+ pref
+ List preferences from the selected user ID. This shows the
+ actual preferences, without including any implied
+ preferences.
+
+ showpref
+ More verbose preferences listing for the selected user ID.
+ This shows the preferences in effect by including the
+ implied preferences of 3DES (cipher), SHA-1 (digest), and
+ Uncompressed (compression) if they are not already included
+ in the preference list. In addition, the preferred
+ keyserver and signature notations (if any) are shown.
+
+ setpref `string'
+ Set the list of user ID preferences to `string' for all (or
+ just the selected) user IDs. Calling setpref with no
+ arguments sets the preference list to the default (either
+ built-in or set via `--default-preference-list'), and
+ calling setpref with "none" as the argument sets an empty
+ preference list. Use `gpg2 --version' to get a list of
+ available algorithms. Note that while you can change the
+ preferences on an attribute user ID (aka "photo ID"), GnuPG
+ does not select keys via attribute user IDs so these
+ preferences will not be used by GnuPG.
+
+ When setting preferences, you should list the algorithms in
+ the order which you'd like to see them used by someone else
+ when encrypting a message to your key. If you don't
+ include 3DES, it will be automatically added at the end.
+ Note that there are many factors that go into choosing an
+ algorithm (for example, your key may not be the only
+ recipient), and so the remote OpenPGP application being used
+ to send to you may or may not follow your exact chosen
+ order for a given message. It will, however, only choose
+ an algorithm that is present on the preference list of
+ every recipient key. See also the INTEROPERABILITY WITH
+ OTHER OPENPGP PROGRAMS section below.
+
+ addkey
+ Add a subkey to this key.
+
+ addcardkey
+ Generate a subkey on a card and add it to this key.
+
+ keytocard
+ Transfer the selected secret subkey (or the primary key if no
+ subkey has been selected) to a smartcard. The secret key in
+ the keyring will be replaced by a stub if the key could be
+ stored successfully on the card and you use the save
+ command later. Only certain key types may be transferred to
+ the card. A sub menu allows you to select on what card to
+ store the key. Note that it is not possible to get that key
+ back from the card - if the card gets broken your secret
+ key will be lost unless you have a backup somewhere.
+
+ bkuptocard `file'
+ Restore the given file to a card. This command may be used to
+ restore a backup key (as generated during card
+ initialization) to a new card. In almost all cases this
+ will be the encryption key. You should use this command
+ only with the corresponding public key and make sure that the
+ file given as argument is indeed the backup to restore. You
+ should then select 2 to restore as encryption key. You
+ will first be asked to enter the passphrase of the backup
+ key and then for the Admin PIN of the card.
+
+ delkey
+ Remove a subkey (secondart key). Note that it is not possible
+ to retract a subkey, once it has been send to the public
+ (i.e. to a keyserver). In that case you better use
+ `revkey'.
+
+ revkey
+ Revoke a subkey.
+
+ expire
+ Change the key or subkey expiration time. If a subkey is
+ selected, the expiration time of this subkey will be
+ changed. With no selection, the key expiration of the
+ primary key is changed.
+
+ trust
+ Change the owner trust value for the key. This updates the
+ trust-db immediately and no save is required.
+
+ disable
+ enable
+ Disable or enable an entire key. A disabled key can not
+ normally be used for encryption.
+
+ addrevoker
+ Add a designated revoker to the key. This takes one optional
+ argument: "sensitive". If a designated revoker is marked as
+ sensitive, it will not be exported by default (see
+ export-options).
+
+ passwd
+ Change the passphrase of the secret key.
+
+ toggle
+ Toggle between public and secret key listing.
+
+ clean
+ Compact (by removing all signatures except the selfsig) any
+ user ID that is no longer usable (e.g. revoked, or
+ expired). Then, remove any signatures that are not usable
+ by the trust calculations. Specifically, this removes any
+ signature that does not validate, any signature that is
+ superseded by a later signature, revoked signatures, and
+ signatures issued by keys that are not present on the keyring.
+
+ minimize
+ Make the key as small as possible. This removes all
+ signatures from each user ID except for the most recent
+ self-signature.
+
+ cross-certify
+ Add cross-certification signatures to signing subkeys that
+ may not currently have them. Cross-certification signatures
+ protect against a subtle attack against signing subkeys. See
+ `--require-cross-certification'. All new keys generated have
+ this signature by default, so this option is only useful to
+ bring older keys up to date.
+
+ save
+ Save all changes to the key rings and quit.
+
+ quit
+ Quit the program without updating the key rings.
+
+ The listing shows you the key with its secondary keys and all user
+ ids. The primary user id is indicated by a dot, and selected keys
+ or user ids are indicated by an asterisk. The trust value is
+ displayed with the primary key: the first is the assigned owner
+ trust and the second is the calculated trust value. Letters are
+ used for the values:
+
+ -
+ No ownertrust assigned / not yet calculated.
+
+ e
+ Trust calculation has failed; probably due to an expired
+ key.
+
+ q
+ Not enough information for calculation.
+
+ n
+ Never trust this key.
+
+ m
+ Marginally trusted.
+
+ f
+ Fully trusted.
+
+ u
+ Ultimately trusted.
+
+
+`--sign-key `name''
+ Signs a public key with your secret key. This is a shortcut
+ version of the subcommand "sign" from `--edit'.
+
+`--lsign-key `name''
+ Signs a public key with your secret key but marks it as
+ non-exportable. This is a shortcut version of the subcommand
+ "lsign" from `--edit-key'.
+
+`--passwd USER_ID'
+ Change the passphrase of the secret key belonging to the
+ certificate specified as USER_ID. This is a shortcut for the
+ sub-command `passwd' of the edit key menu.
+
+
+
+File: gnupg.info, Node: GPG Options, Next: GPG Configuration, Prev: GPG Commands, Up: Invoking GPG
+
+3.2 Option Summary
+==================
+
+`gpg2' features a bunch of options to control the exact behaviour and
+to change the default configuration.
+
+* Menu:
+
+* GPG Configuration Options:: How to change the configuration.
+* GPG Key related Options:: Key related options.
+* GPG Input and Output:: Input and Output.
+* OpenPGP Options:: OpenPGP protocol specific options.
+* GPG Esoteric Options:: Doing things one usually don't want to do.
+
+ Long options can be put in an options file (default
+"~/.gnupg/gpg.conf"). Short option names will not work - for example,
+"armor" is a valid option for the options file, while "a" is not. Do not
+write the 2 dashes, but simply the name of the option and any required
+arguments. Lines with a hash ('#') as the first non-white-space
+character are ignored. Commands may be put in this file too, but that is
+not generally useful as the command will execute automatically with
+every execution of gpg.
+
+ Please remember that option parsing stops as soon as a non-option is
+encountered, you can explicitly stop parsing by using the special option
+`--'.
+
+
+File: gnupg.info, Node: GPG Configuration Options, Next: GPG Key related Options, Up: GPG Options
+
+3.2.1 How to change the configuration
+-------------------------------------
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+`--default-key NAME'
+ Use NAME as the default key to sign with. If this option is not
+ used, the default key is the first key found in the secret keyring.
+ Note that `-u' or `--local-user' overrides this option.
+
+`--default-recipient NAME'
+ Use NAME as default recipient if option `--recipient' is not used
+ and don't ask if this is a valid one. NAME must be non-empty.
+
+`--default-recipient-self'
+ Use the default key as default recipient if option `--recipient'
+ is not used and don't ask if this is a valid one. The default key
+ is the first one from the secret keyring or the one set with
+ `--default-key'.
+
+`--no-default-recipient'
+ Reset `--default-recipient' and `--default-recipient-self'.
+
+`-v, --verbose'
+ Give more information during processing. If used twice, the input
+ data is listed in detail.
+
+`--no-verbose'
+ Reset verbose level to 0.
+
+`-q, --quiet'
+ Try to be as quiet as possible.
+
+`--batch'
+`--no-batch'
+ Use batch mode. Never ask, do not allow interactive commands.
+ `--no-batch' disables this option. Note that even with a filename
+ given on the command line, gpg might still need to read from STDIN
+ (in particular if gpg figures that the input is a detached
+ signature and no data file has been specified). Thus if you do
+ not want to feed data via STDIN, you should connect STDIN to
+ `/dev/null'.
+
+`--no-tty'
+ Make sure that the TTY (terminal) is never used for any output.
+ This option is needed in some cases because GnuPG sometimes prints
+ warnings to the TTY even if `--batch' is used.
+
+`--yes'
+ Assume "yes" on most questions.
+
+`--no'
+ Assume "no" on most questions.
+
+`--list-options `parameters''
+ This is a space or comma delimited string that gives options used
+ when listing keys and signatures (that is, `--list-keys',
+ `--list-sigs', `--list-public-keys', `--list-secret-keys', and the
+ `--edit-key' functions). Options can be prepended with a `no-'
+ (after the two dashes) to give the opposite meaning. The options
+ are:
+
+ show-photos
+ Causes `--list-keys', `--list-sigs', `--list-public-keys',
+ and `--list-secret-keys' to display any photo IDs attached
+ to the key. Defaults to no. See also `--photo-viewer'.
+ Does not work with `--with-colons': see `--attribute-fd'
+ for the appropriate way to get photo data for scripts and
+ other frontends.
+
+ show-policy-urls
+ Show policy URLs in the `--list-sigs' or `--check-sigs'
+ listings. Defaults to no.
+
+ show-notations
+ show-std-notations
+ show-user-notations
+ Show all, IETF standard, or user-defined signature notations
+ in the `--list-sigs' or `--check-sigs' listings. Defaults
+ to no.
+
+ show-keyserver-urls
+ Show any preferred keyserver URL in the `--list-sigs' or
+ `--check-sigs' listings. Defaults to no.
+
+ show-uid-validity
+ Display the calculated validity of user IDs during key
+ listings. Defaults to no.
+
+ show-unusable-uids
+ Show revoked and expired user IDs in key listings. Defaults
+ to no.
+
+ show-unusable-subkeys
+ Show revoked and expired subkeys in key listings. Defaults to
+ no.
+
+ show-keyring
+ Display the keyring name at the head of key listings to show
+ which keyring a given key resides on. Defaults to no.
+
+ show-sig-expire
+ Show signature expiration dates (if any) during `--list-sigs'
+ or `--check-sigs' listings. Defaults to no.
+
+ show-sig-subpackets
+ Include signature subpackets in the key listing. This option
+ can take an optional argument list of the subpackets to
+ list. If no argument is passed, list all subpackets.
+ Defaults to no. This option is only meaningful when using
+ `--with-colons' along with `--list-sigs' or `--check-sigs'.
+
+
+`--verify-options `parameters''
+ This is a space or comma delimited string that gives options used
+ when verifying signatures. Options can be prepended with a `no-'
+ to give the opposite meaning. The options are:
+
+ show-photos
+ Display any photo IDs present on the key that issued the
+ signature. Defaults to no. See also `--photo-viewer'.
+
+ show-policy-urls
+ Show policy URLs in the signature being verified. Defaults to
+ no.
+
+ show-notations
+ show-std-notations
+ show-user-notations
+ Show all, IETF standard, or user-defined signature notations
+ in the signature being verified. Defaults to IETF standard.
+
+ show-keyserver-urls
+ Show any preferred keyserver URL in the signature being
+ verified. Defaults to no.
+
+ show-uid-validity
+ Display the calculated validity of the user IDs on the key
+ that issued the signature. Defaults to no.
+
+ show-unusable-uids
+ Show revoked and expired user IDs during signature
+ verification. Defaults to no.
+
+ show-primary-uid-only
+ Show only the primary user ID during signature verification.
+ That is all the AKA lines as well as photo Ids are not
+ shown with the signature verification status.
+
+ pka-lookups
+ Enable PKA lookups to verify sender addresses. Note that PKA
+ is based on DNS, and so enabling this option may disclose
+ information on when and what signatures are verified or to
+ whom data is encrypted. This is similar to the "web bug"
+ described for the auto-key-retrieve feature.
+
+ pka-trust-increase
+ Raise the trust in a signature to full if the signature
+ passes PKA validation. This option is only meaningful if
+ pka-lookups is set.
+
+`--enable-dsa2'
+`--disable-dsa2'
+ Enable hash truncation for all DSA keys even for old DSA Keys up to
+ 1024 bit. This is also the default with `--openpgp'. Note that
+ older versions of GnuPG also required this flag to allow the
+ generation of DSA larger than 1024 bit.
+
+`--photo-viewer `string''
+ This is the command line that should be run to view a photo ID.
+ "%i" will be expanded to a filename containing the photo. "%I"
+ does the same, except the file will not be deleted once the viewer
+ exits. Other flags are "%k" for the key ID, "%K" for the long key
+ ID, "%f" for the key fingerprint, "%t" for the extension of the
+ image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g.
+ "image/jpeg"), "%v" for the single-character calculated validity
+ of the image being viewed (e.g. "f"), "%V" for the calculated
+ validity as a string (e.g. "full"), and "%%" for an actual
+ percent sign. If neither %i or %I are present, then the photo will
+ be supplied to the viewer on standard input.
+
+ The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
+ STDIN". Note that if your image viewer program is not secure, then
+ executing it from GnuPG does not make it secure.
+
+`--exec-path `string''
+ Sets a list of directories to search for photo viewers and
+ keyserver helpers. If not provided, keyserver helpers use the
+ compiled-in default directory, and photo viewers use the $PATH
+ environment variable. Note, that on W32 system this value is
+ ignored when searching for keyserver helpers.
+
+`--keyring `file''
+ Add `file' to the current list of keyrings. If `file' begins with
+ a tilde and a slash, these are replaced by the $HOME directory. If
+ the filename does not contain a slash, it is assumed to be in the
+ GnuPG home directory ("~/.gnupg" if `--homedir' or $GNUPGHOME is
+ not used).
+
+ Note that this adds a keyring to the current list. If the intent
+ is to use the specified keyring alone, use `--keyring' along with
+ `--no-default-keyring'.
+
+`--secret-keyring `file''
+ Same as `--keyring' but for the secret keyrings.
+
+`--primary-keyring `file''
+ Designate `file' as the primary public keyring. This means that
+ newly imported keys (via `--import' or keyserver `--recv-from')
+ will go to this keyring.
+
+`--trustdb-name `file''
+ Use `file' instead of the default trustdb. If `file' begins with a
+ tilde and a slash, these are replaced by the $HOME directory. If
+ the filename does not contain a slash, it is assumed to be in the
+ GnuPG home directory (`~/.gnupg' if `--homedir' or $GNUPGHOME is
+ not used).
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`--display-charset `name''
+ Set the name of the native character set. This is used to convert
+ some informational strings like user IDs to the proper UTF-8
+ encoding. Note that this has nothing to do with the character set
+ of data to be encrypted or signed; GnuPG does not recode
+ user-supplied data. If this option is not used, the default
+ character set is determined from the current locale. A verbosity
+ level of 3 shows the chosen set. Valid values for `name' are:
+
+ iso-8859-1
+ This is the Latin 1 set.
+
+ iso-8859-2
+ The Latin 2 set.
+
+ iso-8859-15
+ This is currently an alias for the Latin 1 set.
+
+ koi8-r
+ The usual Russian set (rfc1489).
+
+ utf-8
+ Bypass all translations and assume that the OS uses native
+ UTF-8 encoding.
+
+`--utf8-strings'
+`--no-utf8-strings'
+ Assume that command line arguments are given as UTF8 strings. The
+ default (`--no-utf8-strings') is to assume that arguments are
+ encoded in the character set as specified by `--display-charset'.
+ These options affect all following arguments. Both options may be
+ used multiple times.
+
+`--options `file''
+ Read options from `file' and do not try to read them from the
+ default options file in the homedir (see `--homedir'). This option
+ is ignored if used in an options file.
+
+`--no-options'
+ Shortcut for `--options /dev/null'. This option is detected before
+ an attempt to open an option file. Using this option will also
+ prevent the creation of a `~/.gnupg' homedir.
+
+`-z `n''
+`--compress-level `n''
+`--bzip2-compress-level `n''
+ Set compression level to `n' for the ZIP and ZLIB compression
+ algorithms. The default is to use the default compression level of
+ zlib (normally 6). `--bzip2-compress-level' sets the compression
+ level for the BZIP2 compression algorithm (defaulting to 6 as
+ well). This is a different option from `--compress-level' since
+ BZIP2 uses a significant amount of memory for each additional
+ compression level. `-z' sets both. A value of 0 for `n' disables
+ compression.
+
+`--bzip2-decompress-lowmem'
+ Use a different decompression method for BZIP2 compressed files.
+ This alternate method uses a bit more than half the memory, but
+ also runs at half the speed. This is useful under extreme low
+ memory circumstances when the file was originally compressed at a
+ high `--bzip2-compress-level'.
+
+`--mangle-dos-filenames'
+`--no-mangle-dos-filenames'
+ Older version of Windows cannot handle filenames with more than one
+ dot. `--mangle-dos-filenames' causes GnuPG to replace (rather than
+ add to) the extension of an output filename to avoid this problem.
+ This option is off by default and has no effect on non-Windows
+ platforms.
+
+`--ask-cert-level'
+`--no-ask-cert-level'
+ When making a key signature, prompt for a certification level. If
+ this option is not specified, the certification level used is set
+ via `--default-cert-level'. See `--default-cert-level' for
+ information on the specific levels and how they are used.
+ `--no-ask-cert-level' disables this option. This option defaults
+ to no.
+
+`--default-cert-level `n''
+ The default to use for the check level when signing a key.
+
+ 0 means you make no particular claim as to how carefully you
+ verified the key.
+
+ 1 means you believe the key is owned by the person who claims to
+ own it but you could not, or did not verify the key at all. This is
+ useful for a "persona" verification, where you sign the key of a
+ pseudonymous user.
+
+ 2 means you did casual verification of the key. For example, this
+ could mean that you verified the key fingerprint and checked the
+ user ID on the key against a photo ID.
+
+ 3 means you did extensive verification of the key. For example,
+ this could mean that you verified the key fingerprint with the
+ owner of the key in person, and that you checked, by means of a
+ hard to forge document with a photo ID (such as a passport) that
+ the name of the key owner matches the name in the user ID on the
+ key, and finally that you verified (by exchange of email) that the
+ email address on the key belongs to the key owner.
+
+ Note that the examples given above for levels 2 and 3 are just
+ that: examples. In the end, it is up to you to decide just what
+ "casual" and "extensive" mean to you.
+
+ This option defaults to 0 (no particular claim).
+
+`--min-cert-level'
+ When building the trust database, treat any signatures with a
+ certification level below this as invalid. Defaults to 2, which
+ disregards level 1 signatures. Note that level 0 "no particular
+ claim" signatures are always accepted.
+
+`--trusted-key `long key ID''
+ Assume that the specified key (which must be given as a full 8
+ byte key ID) is as trustworthy as one of your own secret keys.
+ This option is useful if you don't want to keep your secret keys
+ (or one of them) online but still want to be able to check the
+ validity of a given recipient's or signator's key.
+
+`--trust-model `pgp|classic|direct|always|auto''
+ Set what trust model GnuPG should follow. The models are:
+
+ pgp
+ This is the Web of Trust combined with trust signatures as
+ used in PGP 5.x and later. This is the default trust model
+ when creating a new trust database.
+
+ classic
+ This is the standard Web of Trust as used in PGP 2.x and
+ earlier.
+
+ direct
+ Key validity is set directly by the user and not calculated
+ via the Web of Trust.
+
+ always
+ Skip key validation and assume that used keys are always fully
+ trusted. You generally won't use this unless you are using
+ some external validation scheme. This option also
+ suppresses the "[uncertain]" tag printed with signature
+ checks when there is no evidence that the user ID is bound
+ to the key.
+
+ auto
+ Select the trust model depending on whatever the internal
+ trust database says. This is the default model if such a
+ database already exists.
+
+`--auto-key-locate `parameters''
+`--no-auto-key-locate'
+ GnuPG can automatically locate and retrieve keys as needed using
+ this option. This happens when encrypting to an email address (in
+ the "user@example.com" form), and there are no user@example.com
+ keys on the local keyring. This option takes any number of the
+ following mechanisms, in the order they are to be tried:
+
+ cert
+ Locate a key using DNS CERT, as specified in rfc4398.
+
+ pka
+ Locate a key using DNS PKA.
+
+ ldap
+ Using DNS Service Discovery, check the domain in question for
+ any LDAP keyservers to use. If this fails, attempt to
+ locate the key using the PGP Universal method of checking
+ `ldap://keys.(thedomain)'.
+
+ keyserver
+ Locate a key using whatever keyserver is defined using the
+ `--keyserver' option.
+
+ keyserver-URL
+ In addition, a keyserver URL as used in the `--keyserver'
+ option may be used here to query that particular keyserver.
+
+ local
+ Locate the key using the local keyrings. This mechanism
+ allows to select the order a local key lookup is done.
+ Thus using `--auto-key-locate local' is identical to
+ `--no-auto-key-locate'.
+
+ nodefault
+ This flag disables the standard local key lookup, done before
+ any of the mechanisms defined by the `--auto-key-locate'
+ are tried. The position of this mechanism in the list does
+ not matter. It is not required if `local' is also used.
+
+
+`--keyid-format `short|0xshort|long|0xlong''
+ Select how to display key IDs. "short" is the traditional
+ 8-character key ID. "long" is the more accurate (but less
+ convenient) 16-character key ID. Add an "0x" to either to include
+ an "0x" at the beginning of the key ID, as in 0x99242560. Note
+ that this option is ignored if the option -with-colons is used.
+
+`--keyserver `name''
+ Use `name' as your keyserver. This is the server that
+ `--recv-keys', `--send-keys', and `--search-keys' will communicate
+ with to receive keys from, send keys to, and search for keys on.
+ The format of the `name' is a URI:
+ `scheme:[//]keyservername[:port]' The scheme is the type of
+ keyserver: "hkp" for the HTTP (or compatible) keyservers, "ldap"
+ for the LDAP keyservers, or "mailto" for the Graff email
+ keyserver. Note that your particular installation of GnuPG may
+ have other keyserver types available as well. Keyserver schemes
+ are case-insensitive. After the keyserver name, optional keyserver
+ configuration options may be provided. These are the same as the
+ global `--keyserver-options' from below, but apply only to this
+ particular keyserver.
+
+ Most keyservers synchronize with each other, so there is generally
+ no need to send keys to more than one server. The keyserver
+ `hkp://keys.gnupg.net' uses round robin DNS to give a different
+ keyserver each time you use it.
+
+`--keyserver-options `name=value1 ''
+ This is a space or comma delimited string that gives options for
+ the keyserver. Options can be prefixed with a `no-' to give the
+ opposite meaning. Valid import-options or export-options may be
+ used here as well to apply to importing (`--recv-key') or exporting
+ (`--send-key') a key from a keyserver. While not all options are
+ available for all keyserver types, some common options are:
+
+ include-revoked
+ When searching for a key with `--search-keys', include keys
+ that are marked on the keyserver as revoked. Note that not
+ all keyservers differentiate between revoked and unrevoked
+ keys, and for such keyservers this option is meaningless.
+ Note also that most keyservers do not have cryptographic
+ verification of key revocations, and so turning this option
+ off may result in skipping keys that are incorrectly marked
+ as revoked.
+
+ include-disabled
+ When searching for a key with `--search-keys', include keys
+ that are marked on the keyserver as disabled. Note that
+ this option is not used with HKP keyservers.
+
+ auto-key-retrieve
+ This option enables the automatic retrieving of keys from a
+ keyserver when verifying signatures made by keys that are
+ not on the local keyring.
+
+ Note that this option makes a "web bug" like behavior
+ possible. Keyserver operators can see which keys you
+ request, so by sending you a message signed by a brand new
+ key (which you naturally will not have on your local
+ keyring), the operator can tell both your IP address and
+ the time when you verified the signature.
+
+ honor-keyserver-url
+ When using `--refresh-keys', if the key in question has a
+ preferred keyserver URL, then use that preferred keyserver
+ to refresh the key from. In addition, if auto-key-retrieve
+ is set, and the signature being verified has a preferred
+ keyserver URL, then use that preferred keyserver to fetch
+ the key from. Defaults to yes.
+
+ honor-pka-record
+ If auto-key-retrieve is set, and the signature being verified
+ has a PKA record, then use the PKA information to fetch the
+ key. Defaults to yes.
+
+ include-subkeys
+ When receiving a key, include subkeys as potential targets.
+ Note that this option is not used with HKP keyservers, as
+ they do not support retrieving keys by subkey id.
+
+ use-temp-files
+ On most Unix-like platforms, GnuPG communicates with the
+ keyserver helper program via pipes, which is the most
+ efficient method. This option forces GnuPG to use temporary
+ files to communicate. On some platforms (such as Win32 and
+ RISC OS), this option is always enabled.
+
+ keep-temp-files
+ If using `use-temp-files', do not delete the temp files after
+ using them. This option is useful to learn the keyserver
+ communication protocol by reading the temporary files.
+
+ verbose
+ Tell the keyserver helper program to be more verbose. This
+ option can be repeated multiple times to increase the
+ verbosity level.
+
+ timeout
+ Tell the keyserver helper program how long (in seconds) to
+ try and perform a keyserver action before giving up. Note
+ that performing multiple actions at the same time uses this
+ timeout value per action. For example, when retrieving
+ multiple keys via `--recv-keys', the timeout applies
+ separately to each key retrieval, and not to the
+ `--recv-keys' command as a whole. Defaults to 30 seconds.
+
+ http-proxy=`value'
+ Set the proxy to use for HTTP and HKP keyservers. This
+ overrides the "http_proxy" environment variable, if any.
+
+ max-cert-size
+ When retrieving a key via DNS CERT, only accept keys up to
+ this size. Defaults to 16384 bytes.
+
+ debug
+ Turn on debug output in the keyserver helper program. Note
+ that the details of debug output depends on which keyserver
+ helper program is being used, and in turn, on any libraries
+ that the keyserver helper program uses internally (libcurl,
+ openldap, etc).
+
+ check-cert
+ Enable certificate checking if the keyserver presents one
+ (for hkps or ldaps). Defaults to on.
+
+ ca-cert-file
+ Provide a certificate store to override the system default.
+ Only necessary if check-cert is enabled, and the keyserver
+ is using a certificate that is not present in a system
+ default certificate list.
+
+ Note that depending on the SSL library that the keyserver
+ helper is built with, this may actually be a directory or a
+ file.
+
+`--completes-needed `n''
+ Number of completely trusted users to introduce a new key signer
+ (defaults to 1).
+
+`--marginals-needed `n''
+ Number of marginally trusted users to introduce a new key signer
+ (defaults to 3)
+
+`--max-cert-depth `n''
+ Maximum depth of a certification chain (default is 5).
+
+`--simple-sk-checksum'
+ Secret keys are integrity protected by using a SHA-1 checksum. This
+ method is part of the upcoming enhanced OpenPGP specification but
+ GnuPG already uses it as a countermeasure against certain attacks.
+ Old applications don't understand this new format, so this option
+ may be used to switch back to the old behaviour. Using this option
+ bears a security risk. Note that using this option only takes
+ effect when the secret key is encrypted - the simplest way to make
+ this happen is to change the passphrase on the key (even changing
+ it to the same value is acceptable).
+
+`--no-sig-cache'
+ Do not cache the verification status of key signatures. Caching
+ gives a much better performance in key listings. However, if you
+ suspect that your public keyring is not save against write
+ modifications, you can use this option to disable the caching. It
+ probably does not make sense to disable it because all kind of
+ damage can be done if someone else has write access to your public
+ keyring.
+
+`--no-sig-create-check'
+ GnuPG normally verifies each signature right after creation to
+ protect against bugs and hardware malfunctions which could leak
+ out bits from the secret key. This extra verification needs some
+ time (about 115% for DSA keys), and so this option can be used to
+ disable it. However, due to the fact that the signature creation
+ needs manual interaction, this performance penalty does not matter
+ in most settings.
+
+`--auto-check-trustdb'
+`--no-auto-check-trustdb'
+ If GnuPG feels that its information about the Web of Trust has to
+ be updated, it automatically runs the `--check-trustdb' command
+ internally. This may be a time consuming process.
+ `--no-auto-check-trustdb' disables this option.
+
+`--use-agent'
+`--no-use-agent'
+ This is dummy option. `gpg2' always requires the agent.
+
+`--gpg-agent-info'
+ This is dummy option. It has no effect when used with `gpg2'.
+
+`--lock-once'
+ Lock the databases the first time a lock is requested and do not
+ release the lock until the process terminates.
+
+`--lock-multiple'
+ Release the locks every time a lock is no longer needed. Use this
+ to override a previous `--lock-once' from a config file.
+
+`--lock-never'
+ Disable locking entirely. This option should be used only in very
+ special environments, where it can be assured that only one process
+ is accessing those files. A bootable floppy with a stand-alone
+ encryption system will probably use this. Improper usage of this
+ option may lead to data and key corruption.
+
+`--exit-on-status-write-error'
+ This option will cause write errors on the status FD to immediately
+ terminate the process. That should in fact be the default but it
+ never worked this way and thus we need an option to enable this,
+ so that the change won't break applications which close their end
+ of a status fd connected pipe too early. Using this option along
+ with `--enable-progress-filter' may be used to cleanly cancel long
+ running gpg operations.
+
+`--limit-card-insert-tries `n''
+ With `n' greater than 0 the number of prompts asking to insert a
+ smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
+ all ask to insert a card if none has been inserted at startup. This
+ option is useful in the configuration file in case an application
+ does not know about the smartcard support and waits ad infinitum
+ for an inserted card.
+
+`--no-random-seed-file'
+ GnuPG uses a file to store its internal random pool over
+ invocations. This makes random generation faster; however
+ sometimes write operations are not desired. This option can be
+ used to achieve that with the cost of slower random generation.
+
+`--no-greeting'
+ Suppress the initial copyright message.
+
+`--no-secmem-warning'
+ Suppress the warning about "using insecure memory".
+
+`--no-permission-warning'
+ Suppress the warning about unsafe file and home directory
+ (`--homedir') permissions. Note that the permission checks that
+ GnuPG performs are not intended to be authoritative, but rather
+ they simply warn about certain common permission problems. Do not
+ assume that the lack of a warning means that your system is secure.
+
+ Note that the warning for unsafe `--homedir' permissions cannot be
+ suppressed in the gpg.conf file, as this would allow an attacker to
+ place an unsafe gpg.conf file in place, and use this file to
+ suppress warnings about itself. The `--homedir' permissions
+ warning may only be suppressed on the command line.
+
+`--no-mdc-warning'
+ Suppress the warning about missing MDC integrity protection.
+
+`--require-secmem'
+`--no-require-secmem'
+ Refuse to run if GnuPG cannot get secure memory. Defaults to no
+ (i.e. run, but give a warning).
+
+`--require-cross-certification'
+`--no-require-cross-certification'
+ When verifying a signature made from a subkey, ensure that the
+ cross certification "back signature" on the subkey is present and
+ valid. This protects against a subtle attack against subkeys that
+ can sign. Defaults to `--require-cross-certification' for `gpg2'.
+
+`--expert'
+`--no-expert'
+ Allow the user to do certain nonsensical or "silly" things like
+ signing an expired or revoked key, or certain potentially
+ incompatible things like generating unusual key types. This also
+ disables certain warning messages about potentially incompatible
+ actions. As the name implies, this option is for experts only. If
+ you don't fully understand the implications of what it allows you
+ to do, leave this off. `--no-expert' disables this option.
+
+
+
+File: gnupg.info, Node: GPG Key related Options, Next: GPG Input and Output, Prev: GPG Configuration Options, Up: GPG Options
+
+3.2.2 Key related options
+-------------------------
+
+`--recipient NAME'
+`-r'
+ Encrypt for user id NAME. If this option or `--hidden-recipient'
+ is not specified, GnuPG asks for the user-id unless
+ `--default-recipient' is given.
+
+`--hidden-recipient NAME'
+`-R'
+ Encrypt for user ID NAME, but hide the key ID of this user's key.
+ This option helps to hide the receiver of the message and is a
+ limited countermeasure against traffic analysis. If this option or
+ `--recipient' is not specified, GnuPG asks for the user ID unless
+ `--default-recipient' is given.
+
+`--encrypt-to `name''
+ Same as `--recipient' but this one is intended for use in the
+ options file and may be used with your own user-id as an
+ "encrypt-to-self". These keys are only used when there are other
+ recipients given either by use of `--recipient' or by the asked
+ user id. No trust checking is performed for these user ids and
+ even disabled keys can be used.
+
+`--hidden-encrypt-to `name''
+ Same as `--hidden-recipient' but this one is intended for use in
+ the options file and may be used with your own user-id as a hidden
+ "encrypt-to-self". These keys are only used when there are other
+ recipients given either by use of `--recipient' or by the asked
+ user id. No trust checking is performed for these user ids and
+ even disabled keys can be used.
+
+`--no-encrypt-to'
+ Disable the use of all `--encrypt-to' and `--hidden-encrypt-to'
+ keys.
+
+`--group `name=value1 ''
+ Sets up a named group, which is similar to aliases in email
+ programs. Any time the group name is a recipient (`-r' or
+ `--recipient'), it will be expanded to the values specified.
+ Multiple groups with the same name are automatically merged into a
+ single group.
+
+ The values are `key IDs' or fingerprints, but any key description
+ is accepted. Note that a value with spaces in it will be treated as
+ two different values. Note also there is only one level of
+ expansion -- you cannot make an group that points to another
+ group. When used from the command line, it may be necessary to
+ quote the argument to this option to prevent the shell from
+ treating it as multiple arguments.
+
+`--ungroup `name''
+ Remove a given entry from the `--group' list.
+
+`--no-groups'
+ Remove all entries from the `--group' list.
+
+`--local-user NAME'
+`-u'
+ Use NAME as the key to sign with. Note that this option overrides
+ `--default-key'.
+
+`--try-all-secrets'
+ Don't look at the key ID as stored in the message but try all
+ secret keys in turn to find the right decryption key. This option
+ forces the behaviour as used by anonymous recipients (created by
+ using `--throw-keyids' or `--hidden-recipient') and might come
+ handy in case where an encrypted message contains a bogus key ID.
+
+`--skip-hidden-recipients'
+`--no-skip-hidden-recipients'
+ During decryption skip all anonymous recipients. This option
+ helps in the case that people use the hidden recipients feature to
+ hide there own encrypt-to key from others. If oneself has many
+ secret keys this may lead to a major annoyance because all keys
+ are tried in turn to decrypt soemthing which was not really
+ intended for it. The drawback of this option is that it is
+ currently not possible to decrypt a message which includes real
+ anonymous recipients.
+
+
+
+File: gnupg.info, Node: GPG Input and Output, Next: OpenPGP Options, Prev: GPG Key related Options, Up: GPG Options
+
+3.2.3 Input and Output
+----------------------
+
+`--armor'
+`-a'
+ Create ASCII armored output. The default is to create the binary
+ OpenPGP format.
+
+`--no-armor'
+ Assume the input data is not in ASCII armored format.
+
+`--output FILE'
+`-o FILE'
+ Write output to FILE.
+
+`--max-output `n''
+ This option sets a limit on the number of bytes that will be
+ generated when processing a file. Since OpenPGP supports various
+ levels of compression, it is possible that the plaintext of a
+ given message may be significantly larger than the original
+ OpenPGP message. While GnuPG works properly with such messages,
+ there is often a desire to set a maximum file size that will be
+ generated before processing is forced to stop by the OS limits.
+ Defaults to 0, which means "no limit".
+
+`--import-options `parameters''
+ This is a space or comma delimited string that gives options for
+ importing keys. Options can be prepended with a `no-' to give the
+ opposite meaning. The options are:
+
+ import-local-sigs
+ Allow importing key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being
+ used. Defaults to no.
+
+ repair-pks-subkey-bug
+ During import, attempt to repair the damage caused by the PKS
+ keyserver bug (pre version 0.9.6) that mangles keys with
+ multiple subkeys. Note that this cannot completely repair
+ the damaged key as some crucial data is removed by the
+ keyserver, but it does at least give you back one subkey.
+ Defaults to no for regular `--import' and to yes for
+ keyserver `--recv-keys'.
+
+ merge-only
+ During import, allow key updates to existing keys, but do not
+ allow any new keys to be imported. Defaults to no.
+
+ import-clean
+ After import, compact (remove all signatures except the
+ self-signature) any user IDs from the new key that are not
+ usable. Then, remove any signatures from the new key that
+ are not usable. This includes signatures that were issued
+ by keys that are not present on the keyring. This option is
+ the same as running the `--edit-key' command "clean" after
+ import. Defaults to no.
+
+ import-minimal
+ Import the smallest key possible. This removes all signatures
+ except the most recent self-signature on each user ID. This
+ option is the same as running the `--edit-key' command
+ "minimize" after import. Defaults to no.
+
+`--export-options `parameters''
+ This is a space or comma delimited string that gives options for
+ exporting keys. Options can be prepended with a `no-' to give the
+ opposite meaning. The options are:
+
+ export-local-sigs
+ Allow exporting key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being
+ used. Defaults to no.
+
+ export-attributes
+ Include attribute user IDs (photo IDs) while exporting. This
+ is useful to export keys if they are going to be used by an
+ OpenPGP program that does not accept attribute user IDs.
+ Defaults to yes.
+
+ export-sensitive-revkeys
+ Include designated revoker information that was marked as
+ "sensitive". Defaults to no.
+
+ export-reset-subkey-passwd
+ When using the `--export-secret-subkeys' command, this option
+ resets the passphrases for all exported subkeys to empty.
+ This is useful when the exported subkey is to be used on an
+ unattended machine where a passphrase doesn't necessarily
+ make sense. Defaults to no.
+
+ export-clean
+ Compact (remove all signatures from) user IDs on the key being
+ exported if the user IDs are not usable. Also, do not export
+ any signatures that are not usable. This includes
+ signatures that were issued by keys that are not present on
+ the keyring. This option is the same as running the
+ `--edit-key' command "clean" before export except that the
+ local copy of the key is not modified. Defaults to no.
+
+ export-minimal
+ Export the smallest key possible. This removes all signatures
+ except the most recent self-signature on each user ID. This
+ option is the same as running the `--edit-key' command
+ "minimize" before export except that the local copy of the
+ key is not modified. Defaults to no.
+
+`--with-colons'
+ Print key listings delimited by colons. Note that the output will
+ be encoded in UTF-8 regardless of any `--display-charset' setting.
+ This format is useful when GnuPG is called from scripts and other
+ programs as it is easily machine parsed. The details of this
+ format are documented in the file `doc/DETAILS', which is included
+ in the GnuPG source distribution.
+
+`--fixed-list-mode'
+ Do not merge primary user ID and primary key in `--with-colon'
+ listing mode and print all timestamps as seconds since 1970-01-01.
+ Since GnuPG 2.0.10, this mode is always used and thus this option
+ is obsolete; it does not harm to use it though.
+
+`--with-fingerprint'
+ Same as the command `--fingerprint' but changes only the format of
+ the output and may be used together with another command.
+
+
+
+File: gnupg.info, Node: OpenPGP Options, Next: GPG Esoteric Options, Prev: GPG Input and Output, Up: GPG Options
+
+3.2.4 OpenPGP protocol specific options.
+----------------------------------------
+
+`-t, --textmode'
+`--no-textmode'
+ Treat input files as text and store them in the OpenPGP canonical
+ text form with standard "CRLF" line endings. This also sets the
+ necessary flags to inform the recipient that the encrypted or
+ signed data is text and may need its line endings converted back
+ to whatever the local system uses. This option is useful when
+ communicating between two platforms that have different line
+ ending conventions (UNIX-like to Mac, Mac to Windows, etc).
+ `--no-textmode' disables this option, and is the default.
+
+`--force-v3-sigs'
+`--no-force-v3-sigs'
+ OpenPGP states that an implementation should generate v4 signatures
+ but PGP versions 5 through 7 only recognize v4 signatures on key
+ material. This option forces v3 signatures for signatures on data.
+ Note that this option implies `--no-ask-sig-expire', and unsets
+ `--sig-policy-url', `--sig-notation', and `--sig-keyserver-url',
+ as these features cannot be used with v3 signatures.
+ `--no-force-v3-sigs' disables this option. Defaults to no.
+
+`--force-v4-certs'
+`--no-force-v4-certs'
+ Always use v4 key signatures even on v3 keys. This option also
+ changes the default hash algorithm for v3 RSA keys from MD5 to
+ SHA-1. `--no-force-v4-certs' disables this option.
+
+`--force-mdc'
+ Force the use of encryption with a modification detection code.
+ This is always used with the newer ciphers (those with a blocksize
+ greater than 64 bits), or if all of the recipient keys indicate
+ MDC support in their feature flags.
+
+`--disable-mdc'
+ Disable the use of the modification detection code. Note that by
+ using this option, the encrypted message becomes vulnerable to a
+ message modification attack.
+
+`--personal-cipher-preferences `string''
+ Set the list of personal cipher preferences to `string'. Use
+ `gpg2 --version' to get a list of available algorithms, and use
+ `none' to set no preference at all. This allows the user to
+ safely override the algorithm chosen by the recipient key
+ preferences, as GPG will only select an algorithm that is usable by
+ all recipients. The most highly ranked cipher in this list is also
+ used for the `--symmetric' encryption command.
+
+`--personal-digest-preferences `string''
+ Set the list of personal digest preferences to `string'. Use
+ `gpg2 --version' to get a list of available algorithms, and use
+ `none' to set no preference at all. This allows the user to
+ safely override the algorithm chosen by the recipient key
+ preferences, as GPG will only select an algorithm that is usable by
+ all recipients. The most highly ranked digest algorithm in this
+ list is also used when signing without encryption (e.g.
+ `--clearsign' or `--sign').
+
+`--personal-compress-preferences `string''
+ Set the list of personal compression preferences to `string'. Use
+ `gpg2 --version' to get a list of available algorithms, and use
+ `none' to set no preference at all. This allows the user to
+ safely override the algorithm chosen by the recipient key
+ preferences, as GPG will only select an algorithm that is usable
+ by all recipients. The most highly ranked compression algorithm
+ in this list is also used when there are no recipient keys to
+ consider (e.g. `--symmetric').
+
+`--s2k-cipher-algo `name''
+ Use `name' as the cipher algorithm used to protect secret keys.
+ The default cipher is CAST5. This cipher is also used for
+ conventional encryption if `--personal-cipher-preferences' and
+ `--cipher-algo' is not given.
+
+`--s2k-digest-algo `name''
+ Use `name' as the digest algorithm used to mangle the passphrases.
+ The default algorithm is SHA-1.
+
+`--s2k-mode `n''
+ Selects how passphrases are mangled. If `n' is 0 a plain
+ passphrase (which is not recommended) will be used, a 1 adds a
+ salt to the passphrase and a 3 (the default) iterates the whole
+ process a number of times (see -s2k-count). Unless `--rfc1991' is
+ used, this mode is also used for conventional encryption.
+
+`--s2k-count `n''
+ Specify how many times the passphrase mangling is repeated. This
+ value may range between 1024 and 65011712 inclusive. The default
+ is inquired from gpg-agent. Note that not all values in the
+ 1024-65011712 range are legal and if an illegal value is selected,
+ GnuPG will round up to the nearest legal value. This option is
+ only meaningful if `--s2k-mode' is 3.
+
+
+3.2.5 Compliance options
+------------------------
+
+These options control what GnuPG is compliant to. Only one of these
+options may be active at a time. Note that the default setting of this
+is nearly always the correct one. See the INTEROPERABILITY WITH OTHER
+OPENPGP PROGRAMS section below before using one of these options.
+
+`--gnupg'
+ Use standard GnuPG behavior. This is essentially OpenPGP behavior
+ (see `--openpgp'), but with some additional workarounds for common
+ compatibility problems in different versions of PGP. This is the
+ default option, so it is not generally needed, but it may be
+ useful to override a different compliance option in the gpg.conf
+ file.
+
+`--openpgp'
+ Reset all packet, cipher and digest options to strict OpenPGP
+ behavior. Use this option to reset all previous options like
+ `--s2k-*', `--cipher-algo', `--digest-algo' and `--compress-algo'
+ to OpenPGP compliant values. All PGP workarounds are disabled.
+
+`--rfc4880'
+ Reset all packet, cipher and digest options to strict RFC-4880
+ behavior. Note that this is currently the same thing as
+ `--openpgp'.
+
+`--rfc2440'
+ Reset all packet, cipher and digest options to strict RFC-2440
+ behavior.
+
+`--rfc1991'
+ Try to be more RFC-1991 (PGP 2.x) compliant.
+
+`--pgp2'
+ Set up all options to be as PGP 2.x compliant as possible, and
+ warn if an action is taken (e.g. encrypting to a non-RSA key) that
+ will create a message that PGP 2.x will not be able to handle.
+ Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other
+ versions of PGP 2.x available, but the MIT release is a good
+ common baseline.
+
+ This option implies `--rfc1991 --disable-mdc --no-force-v4-certs
+ --escape-from-lines --force-v3-sigs --cipher-algo IDEA
+ --digest-algo MD5 --compress-algo ZIP'. It also disables
+ `--textmode' when encrypting.
+
+`--pgp6'
+ Set up all options to be as PGP 6 compliant as possible. This
+ restricts you to the ciphers IDEA (if the IDEA plugin is
+ installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160,
+ and the compression algorithms none and ZIP. This also disables
+ -throw-keyids, and making signatures with signing subkeys as PGP 6
+ does not understand signatures made by signing subkeys.
+
+ This option implies `--disable-mdc --escape-from-lines
+ --force-v3-sigs'.
+
+`--pgp7'
+ Set up all options to be as PGP 7 compliant as possible. This is
+ identical to `--pgp6' except that MDCs are not disabled, and the
+ list of allowable ciphers is expanded to add AES128, AES192,
+ AES256, and TWOFISH.
+
+`--pgp8'
+ Set up all options to be as PGP 8 compliant as possible. PGP 8 is
+ a lot closer to the OpenPGP standard than previous versions of
+ PGP, so all this does is disable `--throw-keyids' and set
+ `--escape-from-lines'. All algorithms are allowed except for the
+ SHA224, SHA384, and SHA512 digests.
+
+
+
+File: gnupg.info, Node: GPG Esoteric Options, Prev: OpenPGP Options, Up: GPG Options
+
+3.2.6 Doing things one usually doesn't want to do.
+--------------------------------------------------
+
+`-n'
+`--dry-run'
+ Don't make any changes (this is not completely implemented).
+
+`--list-only'
+ Changes the behaviour of some commands. This is like `--dry-run'
+ but different in some cases. The semantic of this command may be
+ extended in the future. Currently it only skips the actual
+ decryption pass and therefore enables a fast listing of the
+ encryption keys.
+
+`-i'
+`--interactive'
+ Prompt before overwriting any files.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or by a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+`--debug FLAGS'
+ Set debugging flags. All flags are or-ed and FLAGS may be given in
+ C syntax (e.g. 0x0042).
+
+`--debug-all'
+ Set all useful debugging flags.
+
+`--faked-system-time EPOCH'
+ This option is only useful for testing; it sets the system time
+ back or forth to EPOCH which is the number of seconds elapsed
+ since the year 1970. Alternatively EPOCH may be given as a full
+ ISO time string (e.g. "20070924T154812").
+
+`--enable-progress-filter'
+ Enable certain PROGRESS status outputs. This option allows
+ frontends to display a progress indicator while gpg is processing
+ larger files. There is a slight performance overhead using it.
+
+`--status-fd `n''
+ Write special status strings to the file descriptor `n'. See the
+ file DETAILS in the documentation for a listing of them.
+
+`--status-file `file''
+ Same as `--status-fd', except the status data is written to file
+ `file'.
+
+`--logger-fd `n''
+ Write log output to file descriptor `n' and not to STDERR.
+
+`--log-file `file''
+`--logger-file `file''
+ Same as `--logger-fd', except the logger data is written to file
+ `file'. Note that `--log-file' is only implemented for GnuPG-2.
+
+`--attribute-fd `n''
+ Write attribute subpackets to the file descriptor `n'. This is most
+ useful for use with `--status-fd', since the status messages are
+ needed to separate out the various subpackets from the stream
+ delivered to the file descriptor.
+
+`--attribute-file `file''
+ Same as `--attribute-fd', except the attribute data is written to
+ file `file'.
+
+`--comment `string''
+`--no-comments'
+ Use `string' as a comment string in clear text signatures and ASCII
+ armored messages or keys (see `--armor'). The default behavior is
+ not to use a comment string. `--comment' may be repeated multiple
+ times to get multiple comment strings. `--no-comments' removes all
+ comments. It is a good idea to keep the length of a single comment
+ below 60 characters to avoid problems with mail programs wrapping
+ such lines. Note that comment lines, like all other header lines,
+ are not protected by the signature.
+
+`--emit-version'
+`--no-emit-version'
+ Force inclusion of the version string in ASCII armored output.
+ `--no-emit-version' disables this option.
+
+`--sig-notation `name=value''
+`--cert-notation `name=value''
+`-N, --set-notation `name=value''
+ Put the name value pair into the signature as notation data.
+ `name' must consist only of printable characters or spaces, and
+ must contain a '@' character in the form keyname@domain.example.com
+ (substituting the appropriate keyname and domain name, of course).
+ This is to help prevent pollution of the IETF reserved notation
+ namespace. The `--expert' flag overrides the '@' check. `value'
+ may be any printable string; it will be encoded in UTF8, so you
+ should check that your `--display-charset' is set correctly. If
+ you prefix `name' with an exclamation mark (!), the notation data
+ will be flagged as critical (rfc2440:5.2.3.15). `--sig-notation'
+ sets a notation for data signatures. `--cert-notation' sets a
+ notation for key signatures (certifications). `--set-notation'
+ sets both.
+
+ There are special codes that may be used in notation names. "%k"
+ will be expanded into the key ID of the key being signed, "%K"
+ into the long key ID of the key being signed, "%f" into the
+ fingerprint of the key being signed, "%s" into the key ID of the
+ key making the signature, "%S" into the long key ID of the key
+ making the signature, "%g" into the fingerprint of the key making
+ the signature (which might be a subkey), "%p" into the fingerprint
+ of the primary key of the key making the signature, "%c" into the
+ signature count from the OpenPGP smartcard, and "%%" results in a
+ single "%". %k, %K, and %f are only meaningful when making a key
+ signature (certification), and %c is only meaningful when using
+ the OpenPGP smartcard.
+
+`--sig-policy-url `string''
+`--cert-policy-url `string''
+`--set-policy-url `string''
+ Use `string' as a Policy URL for signatures (rfc2440:5.2.3.19). If
+ you prefix it with an exclamation mark (!), the policy URL packet
+ will be flagged as critical. `--sig-policy-url' sets a policy url
+ for data signatures. `--cert-policy-url' sets a policy url for key
+ signatures (certifications). `--set-policy-url' sets both.
+
+ The same %-expandos used for notation data are available here as
+ well.
+
+`--sig-keyserver-url `string''
+ Use `string' as a preferred keyserver URL for data signatures. If
+ you prefix it with an exclamation mark (!), the keyserver URL
+ packet will be flagged as critical.
+
+ The same %-expandos used for notation data are available here as
+ well.
+
+`--set-filename `string''
+ Use `string' as the filename which is stored inside messages.
+ This overrides the default, which is to use the actual filename of
+ the file being encrypted.
+
+`--for-your-eyes-only'
+`--no-for-your-eyes-only'
+ Set the `for your eyes only' flag in the message. This causes
+ GnuPG to refuse to save the file unless the `--output' option is
+ given, and PGP to use a "secure viewer" with a claimed
+ Tempest-resistant font to display the message. This option
+ overrides `--set-filename'. `--no-for-your-eyes-only' disables
+ this option.
+
+`--use-embedded-filename'
+`--no-use-embedded-filename'
+ Try to create a file with a name as embedded in the data. This can
+ be a dangerous option as it allows to overwrite files. Defaults to
+ no.
+
+`--cipher-algo `name''
+ Use `name' as cipher algorithm. Running the program with the
+ command `--version' yields a list of supported algorithms. If this
+ is not used the cipher algorithm is selected from the preferences
+ stored with the key. In general, you do not want to use this
+ option as it allows you to violate the OpenPGP standard.
+ `--personal-cipher-preferences' is the safe way to accomplish the
+ same thing.
+
+`--digest-algo `name''
+ Use `name' as the message digest algorithm. Running the program
+ with the command `--version' yields a list of supported
+ algorithms. In general, you do not want to use this option as it
+ allows you to violate the OpenPGP standard.
+ `--personal-digest-preferences' is the safe way to accomplish the
+ same thing.
+
+`--compress-algo `name''
+ Use compression algorithm `name'. "zlib" is RFC-1950 ZLIB
+ compression. "zip" is RFC-1951 ZIP compression which is used by
+ PGP. "bzip2" is a more modern compression scheme that can
+ compress some things better than zip or zlib, but at the cost of
+ more memory used during compression and decompression.
+ "uncompressed" or "none" disables compression. If this option is
+ not used, the default behavior is to examine the recipient key
+ preferences to see which algorithms the recipient supports. If all
+ else fails, ZIP is used for maximum compatibility.
+
+ ZLIB may give better compression results than ZIP, as the
+ compression window size is not limited to 8k. BZIP2 may give even
+ better compression results than that, but will use a significantly
+ larger amount of memory while compressing and decompressing. This
+ may be significant in low memory situations. Note, however, that
+ PGP (all versions) only supports ZIP compression. Using any
+ algorithm other than ZIP or "none" will make the message
+ unreadable with PGP. In general, you do not want to use this
+ option as it allows you to violate the OpenPGP standard.
+ `--personal-compress-preferences' is the safe way to accomplish
+ the same thing.
+
+`--cert-digest-algo `name''
+ Use `name' as the message digest algorithm used when signing a
+ key. Running the program with the command `--version' yields a
+ list of supported algorithms. Be aware that if you choose an
+ algorithm that GnuPG supports but other OpenPGP implementations do
+ not, then some users will not be able to use the key signatures
+ you make, or quite possibly your entire key.
+
+`--disable-cipher-algo `name''
+ Never allow the use of `name' as cipher algorithm. The given name
+ will not be checked so that a later loaded algorithm will still
+ get disabled.
+
+`--disable-pubkey-algo `name''
+ Never allow the use of `name' as public key algorithm. The given
+ name will not be checked so that a later loaded algorithm will
+ still get disabled.
+
+`--throw-keyids'
+`--no-throw-keyids'
+ Do not put the recipient key IDs into encrypted messages. This
+ helps to hide the receivers of the message and is a limited
+ countermeasure against traffic analysis.(1) On the receiving
+ side, it may slow down the decryption process because all
+ available secret keys must be tried. `--no-throw-keyids' disables
+ this option. This option is essentially the same as using
+ `--hidden-recipient' for all recipients.
+
+`--not-dash-escaped'
+ This option changes the behavior of cleartext signatures so that
+ they can be used for patch files. You should not send such an
+ armored file via email because all spaces and line endings are
+ hashed too. You can not use this option for data which has 5
+ dashes at the beginning of a line, patch files don't have this. A
+ special armor header line tells GnuPG about this cleartext
+ signature option.
+
+`--escape-from-lines'
+`--no-escape-from-lines'
+ Because some mailers change lines starting with "From " to ">From
+ " it is good to handle such lines in a special way when creating
+ cleartext signatures to prevent the mail system from breaking the
+ signature. Note that all other PGP versions do it this way too.
+ Enabled by default. `--no-escape-from-lines' disables this option.
+
+`--passphrase-repeat `n''
+ Specify how many times `gpg2' will request a new passphrase be
+ repeated. This is useful for helping memorize a passphrase.
+ Defaults to 1 repetition.
+
+`--passphrase-fd `n''
+ Read the passphrase from file descriptor `n'. Only the first line
+ will be read from file descriptor `n'. If you use 0 for `n', the
+ passphrase will be read from STDIN. This can only be used if only
+ one passphrase is supplied. Note that this passphrase is only
+ used if the option `--batch' has also been given. This is
+ different from `gpg'.
+
+`--passphrase-file `file''
+ Read the passphrase from file `file'. Only the first line will be
+ read from file `file'. This can only be used if only one
+ passphrase is supplied. Obviously, a passphrase stored in a file is
+ of questionable security if other users can read this file. Don't
+ use this option if you can avoid it. Note that this passphrase is
+ only used if the option `--batch' has also been given. This is
+ different from `gpg'.
+
+`--passphrase `string''
+ Use `string' as the passphrase. This can only be used if only one
+ passphrase is supplied. Obviously, this is of very questionable
+ security on a multi-user system. Don't use this option if you can
+ avoid it. Note that this passphrase is only used if the option
+ `--batch' has also been given. This is different from `gpg'.
+
+`--command-fd `n''
+ This is a replacement for the deprecated shared-memory IPC mode.
+ If this option is enabled, user input on questions is not expected
+ from the TTY but from the given file descriptor. It should be used
+ together with `--status-fd'. See the file doc/DETAILS in the source
+ distribution for details on how to use it.
+
+`--command-file `file''
+ Same as `--command-fd', except the commands are read out of file
+ `file'
+
+`--allow-non-selfsigned-uid'
+`--no-allow-non-selfsigned-uid'
+ Allow the import and use of keys with user IDs which are not
+ self-signed. This is not recommended, as a non self-signed user ID
+ is trivial to forge. `--no-allow-non-selfsigned-uid' disables.
+
+`--allow-freeform-uid'
+ Disable all checks on the form of the user ID while generating a
+ new one. This option should only be used in very special
+ environments as it does not ensure the de-facto standard format of
+ user IDs.
+
+`--ignore-time-conflict'
+ GnuPG normally checks that the timestamps associated with keys and
+ signatures have plausible values. However, sometimes a signature
+ seems to be older than the key due to clock problems. This option
+ makes these checks just a warning. See also `--ignore-valid-from'
+ for timestamp issues on subkeys.
+
+`--ignore-valid-from'
+ GnuPG normally does not select and use subkeys created in the
+ future. This option allows the use of such keys and thus exhibits
+ the pre-1.0.7 behaviour. You should not use this option unless
+ there is some clock problem. See also `--ignore-time-conflict' for
+ timestamp issues with signatures.
+
+`--ignore-crc-error'
+ The ASCII armor used by OpenPGP is protected by a CRC checksum
+ against transmission errors. Occasionally the CRC gets mangled
+ somewhere on the transmission channel but the actual content
+ (which is protected by the OpenPGP protocol anyway) is still okay.
+ This option allows GnuPG to ignore CRC errors.
+
+`--ignore-mdc-error'
+ This option changes a MDC integrity protection failure into a
+ warning. This can be useful if a message is partially corrupt,
+ but it is necessary to get as much data as possible out of the
+ corrupt message. However, be aware that a MDC protection failure
+ may also mean that the message was tampered with intentionally by
+ an attacker.
+
+`--no-default-keyring'
+ Do not add the default keyrings to the list of keyrings. Note that
+ GnuPG will not operate without any keyrings, so if you use this
+ option and do not provide alternate keyrings via `--keyring' or
+ `--secret-keyring', then GnuPG will still use the default public or
+ secret keyrings.
+
+`--skip-verify'
+ Skip the signature verification step. This may be used to make the
+ decryption faster if the signature verification is not needed.
+
+`--with-key-data'
+ Print key listings delimited by colons (like `--with-colons') and
+ print the public key data.
+
+`--fast-list-mode'
+ Changes the output of the list commands to work faster; this is
+ achieved by leaving some parts empty. Some applications don't need
+ the user ID and the trust information given in the listings. By
+ using this options they can get a faster listing. The exact
+ behaviour of this option may change in future versions. If you
+ are missing some information, don't use this option.
+
+`--no-literal'
+ This is not for normal use. Use the source to see for what it
+ might be useful.
+
+`--set-filesize'
+ This is not for normal use. Use the source to see for what it
+ might be useful.
+
+`--show-session-key'
+ Display the session key used for one message. See
+ `--override-session-key' for the counterpart of this option.
+
+ We think that Key Escrow is a Bad Thing; however the user should
+ have the freedom to decide whether to go to prison or to reveal
+ the content of one specific message without compromising all
+ messages ever encrypted for one secret key. DON'T USE IT UNLESS
+ YOU ARE REALLY FORCED TO DO SO.
+
+`--override-session-key `string''
+ Don't use the public key but the session key `string'. The format
+ of this string is the same as the one printed by
+ `--show-session-key'. This option is normally not used but comes
+ handy in case someone forces you to reveal the content of an
+ encrypted message; using this option you can do this without
+ handing out the secret key.
+
+`--ask-sig-expire'
+`--no-ask-sig-expire'
+ When making a data signature, prompt for an expiration time. If
+ this option is not specified, the expiration time set via
+ `--default-sig-expire' is used. `--no-ask-sig-expire' disables
+ this option.
+
+`--default-sig-expire'
+ The default expiration time to use for signature expiration. Valid
+ values are "0" for no expiration, a number followed by the letter d
+ (for days), w (for weeks), m (for months), or y (for years) (for
+ example "2m" for two months, or "5y" for five years), or an
+ absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+`--ask-cert-expire'
+`--no-ask-cert-expire'
+ When making a key signature, prompt for an expiration time. If this
+ option is not specified, the expiration time set via
+ `--default-cert-expire' is used. `--no-ask-cert-expire' disables
+ this option.
+
+`--default-cert-expire'
+ The default expiration time to use for key signature expiration.
+ Valid values are "0" for no expiration, a number followed by the
+ letter d (for days), w (for weeks), m (for months), or y (for
+ years) (for example "2m" for two months, or "5y" for five years),
+ or an absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+`--allow-secret-key-import'
+ This is an obsolete option and is not used anywhere.
+
+`--allow-multiple-messages'
+
+`--no-allow-multiple-messages'
+ Allow processing of multiple OpenPGP messages contained in a
+ single file or stream. Some programs that call GPG are not
+ prepared to deal with multiple messages being processed together,
+ so this option defaults to no. Note that versions of GPG prior to
+ 1.4.7 always allowed multiple messages.
+
+ Warning: Do not use this option unless you need it as a temporary
+ workaround!
+
+`--enable-special-filenames'
+ This options enables a mode in which filenames of the form `-&n',
+ where n is a non-negative decimal number, refer to the file
+ descriptor n and not to a file with that name.
+
+`--no-expensive-trust-checks'
+ Experimental use only.
+
+`--preserve-permissions'
+ Don't change the permissions of a secret keyring back to user
+ read/write only. Use this option only if you really know what you
+ are doing.
+
+`--default-preference-list `string''
+ Set the list of default preferences to `string'. This preference
+ list is used for new keys and becomes the default for "setpref" in
+ the edit menu.
+
+`--default-keyserver-url `name''
+ Set the default keyserver URL to `name'. This keyserver will be
+ used as the keyserver URL when writing a new self-signature on a
+ key, which includes key generation and changing preferences.
+
+`--list-config'
+ Display various internal configuration parameters of GnuPG. This
+ option is intended for external programs that call GnuPG to
+ perform tasks, and is thus not generally useful. See the file
+ `doc/DETAILS' in the source distribution for the details of which
+ configuration items may be listed. `--list-config' is only usable
+ with `--with-colons' set.
+
+`--gpgconf-list'
+ This command is similar to `--list-config' but in general only
+ internally used by the `gpgconf' tool.
+
+`--gpgconf-test'
+ This is more or less dummy action. However it parses the
+ configuration file and returns with failure if the configuration
+ file would prevent `gpg' from startup. Thus it may be used to run
+ a syntax check on the configuration file.
+
+
+3.2.7 Deprecated options
+------------------------
+
+`--show-photos'
+`--no-show-photos'
+ Causes `--list-keys', `--list-sigs', `--list-public-keys',
+ `--list-secret-keys', and verifying a signature to also display
+ the photo ID attached to the key, if any. See also
+ `--photo-viewer'. These options are deprecated. Use
+ `--list-options [no-]show-photos' and/or `--verify-options
+ [no-]show-photos' instead.
+
+`--show-keyring'
+ Display the keyring name at the head of key listings to show which
+ keyring a given key resides on. This option is deprecated: use
+ `--list-options [no-]show-keyring' instead.
+
+`--always-trust'
+ Identical to `--trust-model always'. This option is deprecated.
+
+`--show-notation'
+`--no-show-notation'
+ Show signature notations in the `--list-sigs' or `--check-sigs'
+ listings as well as when verifying a signature with a notation in
+ it. These options are deprecated. Use `--list-options
+ [no-]show-notation' and/or `--verify-options [no-]show-notation'
+ instead.
+
+`--show-policy-url'
+`--no-show-policy-url'
+ Show policy URLs in the `--list-sigs' or `--check-sigs' listings
+ as well as when verifying a signature with a policy URL in it.
+ These options are deprecated. Use `--list-options
+ [no-]show-policy-url' and/or `--verify-options
+ [no-]show-policy-url' instead.
+
+
+ ---------- Footnotes ----------
+
+ (1) Using a little social engineering anyone who is able to decrypt
+the message can check whether one of the other recipients is the one he
+suspects.
+
+
+File: gnupg.info, Node: GPG Configuration, Next: GPG Examples, Prev: GPG Options, Up: Invoking GPG
+
+3.3 Configuration files
+=======================
+
+There are a few configuration files to control certain aspects of
+`gpg2''s operation. Unless noted, they are expected in the current home
+directory (*note option --homedir::).
+
+`gpg.conf'
+ This is the standard configuration file read by `gpg2' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This default name may be changed on the command line (*note
+ option --options::). You should backup this file.
+
+
+ Note that on larger installations, it is useful to put predefined
+files into the directory `/etc/skel/.gnupg/' so that newly created users
+start up with a working configuration. For existing users the a small
+helper script is provided to create these files (*note addgnupghome::).
+
+ For internal purposes `gpg2' creates and maintains a few other
+files; They all live in in the current home directory (*note option
+--homedir::). Only the `gpg2' may modify these files.
+
+`~/.gnupg/secring.gpg'
+ The secret keyring. You should backup this file.
+
+`~/.gnupg/secring.gpg.lock'
+ The lock file for the secret keyring.
+
+`~/.gnupg/pubring.gpg'
+ The public keyring. You should backup this file.
+
+`~/.gnupg/pubring.gpg.lock'
+ The lock file for the public keyring.
+
+`~/.gnupg/trustdb.gpg'
+ The trust database. There is no need to backup this file; it is
+ better to backup the ownertrust values (*note option
+ --export-ownertrust::).
+
+`~/.gnupg/trustdb.gpg.lock'
+ The lock file for the trust database.
+
+`~/.gnupg/random_seed'
+ A file used to preserve the state of the internal random pool.
+
+`/usr[/local]/share/gnupg/options.skel'
+ The skeleton options file.
+
+`/usr[/local]/lib/gnupg/'
+ Default location for extensions.
+
+
+ Operation is further controlled by a few environment variables:
+
+HOME
+ Used to locate the default home directory.
+
+GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+GPG_AGENT_INFO
+ Used to locate the gpg-agent. The value consists of 3 colon
+ delimited fields: The first is the path to the Unix Domain
+ Socket, the second the PID of the gpg-agent and the protocol
+ version which should be set to 1. When starting the gpg-agent as
+ described in its documentation, this variable is set to the correct
+ value. The option `--gpg-agent-info' can be used to override it.
+
+PINENTRY_USER_DATA
+ This value is passed via gpg-agent to pinentry. It is useful to
+ convey extra information to a custom pinentry.
+
+COLUMNS
+LINES
+ Used to size some displays to the full size of the screen.
+
+LANGUAGE
+ Apart from its use by GNU, it is used in the W32 version to
+ override the language selection done through the Registry. If
+ used and set to a valid and available language name (LANGID),
+ the file with the translation is loaded from
+
+ `GPGDIR/gnupg.nls/LANGID.mo'. Here GPGDIR is the directory out
+ of which the gpg binary has been loaded. If it can't be loaded
+ the Registry is tried and as last resort the native Windows
+ locale system is used.
+
+
+
+File: gnupg.info, Node: GPG Examples, Next: Unattended Usage of GPG, Prev: GPG Configuration, Up: Invoking GPG
+
+3.4 Examples
+============
+
+gpg -se -r `Bob' `file'
+ sign and encrypt for user Bob
+
+gpg -clearsign `file'
+ make a clear text signature
+
+gpg -sb `file'
+ make a detached signature
+
+gpg -u 0x12345678 -sb `file'
+ make a detached signature with the key 0x12345678
+
+gpg -list-keys `user_ID'
+ show keys
+
+gpg -fingerprint `user_ID'
+ show fingerprint
+
+gpg -verify `pgpfile'
+gpg -verify `sigfile'
+ Verify the signature of the file but do not output the data. The
+ second form is used for detached signatures, where `sigfile' is
+ the detached signature (either ASCII armored or binary) and are
+ the signed data; if this is not given, the name of the file
+ holding the signed data is constructed by cutting off the
+ extension (".asc" or ".sig") of `sigfile' or by asking the user
+ for the filename.
+
+RETURN VALUE
+************
+
+The program returns 0 if everything was fine, 1 if at least a signature
+was bad, and other error codes for fatal errors.
+
+WARNINGS
+********
+
+Use a *good* password for your user account and a *good* passphrase to
+protect your secret key. This passphrase is the weakest part of the
+whole system. Programs to do dictionary attacks on your secret keyring
+are very easy to write and so you should protect your "~/.gnupg/"
+directory very well.
+
+ Keep in mind that, if this program is used over a network (telnet),
+it is *very* easy to spy out your passphrase!
+
+ If you are going to verify detached signatures, make sure that the
+program knows about it; either give both filenames on the command line
+or use `-' to specify STDIN.
+
+INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
+********************************************
+
+GnuPG tries to be a very flexible implementation of the OpenPGP
+standard. In particular, GnuPG implements many of the optional parts of
+the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
+compression algorithms. It is important to be aware that not all
+OpenPGP programs implement these optional algorithms and that by
+forcing their use via the `--cipher-algo', `--digest-algo',
+`--cert-digest-algo', or `--compress-algo' options in GnuPG, it is
+possible to create a perfectly valid OpenPGP message, but one that
+cannot be read by the intended recipient.
+
+ There are dozens of variations of OpenPGP programs available, and
+each supports a slightly different subset of these optional algorithms.
+For example, until recently, no (unhacked) version of PGP supported the
+BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be
+read by a PGP user. By default, GnuPG uses the standard OpenPGP
+preferences system that will always do the right thing and create
+messages that are usable by all recipients, regardless of which OpenPGP
+program they use. Only override this safe default if you really know
+what you are doing.
+
+ If you absolutely must override the safe default, or if the
+preferences on a given key are invalid for some reason, you are far
+better off using the `--pgp6', `--pgp7', or `--pgp8' options. These
+options are safe as they do not force any particular algorithms in
+violation of OpenPGP, but rather reduce the available algorithms to a
+"PGP-safe" list.
+
+BUGS
+****
+
+On older systems this program should be installed as setuid(root). This
+is necessary to lock memory pages. Locking memory pages prevents the
+operating system from writing memory pages (which may contain
+passphrases or other sensitive material) to disk. If you get no warning
+message about insecure memory your operating system supports locking
+without being root. The program drops root privileges as soon as locked
+memory is allocated.
+
+ Note also that some systems (especially laptops) have the ability to
+"suspend to disk" (also known as "safe sleep" or "hibernate"). This
+writes all memory to disk before going into a low power or even powered
+off mode. Unless measures are taken in the operating system to protect
+the saved memory, passphrases or other sensitive material may be
+recoverable from it later.
+
+ Before you report a bug you should first search the mailing list
+archives for similar problems and second check whether such a bug has
+already been reported to our bug tracker at http://bugs.gnupg.org .
+
+
+File: gnupg.info, Node: Unattended Usage of GPG, Prev: GPG Examples, Up: Invoking GPG
+
+3.5 Unattended Usage
+====================
+
+`gpg' is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. The options `--status-fd' and `--batch' are almost
+always required for this.
+
+* Menu:
+
+* Unattended GPG key generation:: Unattended key generation
+
+
+File: gnupg.info, Node: Unattended GPG key generation, Up: Unattended Usage of GPG
+
+3.6 Unattended key generation
+=============================
+
+The command `--gen-key' may be used along with the option `--batch' for
+unattended key generation. The parameters are either read from stdin
+or given as a file on the command line. The format of the parameter
+file is as follows:
+
+ * Text only, line length is limited to about 1000 characters.
+
+ * UTF-8 encoding must be used to specify non-ASCII characters.
+
+ * Empty lines are ignored.
+
+ * Leading and trailing while space is ignored.
+
+ * A hash sign as the first non white space character indicates a
+ comment line.
+
+ * Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+
+ * Parameters are specified by a keyword, followed by a colon.
+ Arguments are separated by white space.
+
+ * The first parameter must be `Key-Type'; control statements may be
+ placed anywhere.
+
+ * The order of the parameters does not matter except for `Key-Type'
+ which must be the first parameter. The parameters are only used
+ for the generated keyblock (primary and subkeys); parameters
+ from previous sets are not used. Some syntactically checks may
+ be performed.
+
+ * Key generation takes place when either the end of the parameter
+ file is reached, the next `Key-Type' parameter is encountered or
+ at the control statement `%commit' is encountered.
+
+Control statements:
+
+%echo TEXT
+ Print TEXT as diagnostic.
+
+%dry-run
+ Suppress actual key generation (useful for syntax checking).
+
+%commit
+ Perform the key generation. Note that an implicit commit is done
+ at the next Key-Type parameter.
+
+%pubring FILENAME
+%secring FILENAME
+ Do not write the key to the default or commandline given keyring
+ but to FILENAME. This must be given before the first commit to
+ take place, duplicate specification of the same filename is
+ ignored, the last filename before a commit is used. The filename
+ is used until a new filename is used (at commit points) and all
+ keys are written to that file. If a new filename is given, this
+ file is created (and overwrites an existing one). For GnuPG
+ versions prior to 2.1, both control statements must be given. For
+ GnuPG 2.1 and later `%secring' is a no-op.
+
+%ask-passphrase
+%no-ask-passphrase
+ Enable (or disable) a mode where the command `passphrase' is
+ ignored and instead the usual passphrase dialog is used. This does
+ not make sense for batch key generation; however the unattended key
+ generation feature is also used by GUIs and this feature
+ relinquishes the GUI from implementing its own passphrase entry
+ code. These are global control statements and affect all future
+ key genrations.
+
+%no-protection
+ Since GnuPG version 2.1 it is not anymore possible to specify a
+ passphrase for unattended key generation. The passphrase command
+ is simply ignored and `%ask-passpharse' is thus implicitly enabled.
+ Using this option allows the creation of keys without any
+ passphrase protection. This option is mainly intended for
+ regression tests.
+
+%transient-key
+ If given the keys are created using a faster and a somewhat less
+ secure random number generator. This option may be used for keys
+ which are only used for a short time and do not require full
+ cryptographic strength. It takes only effect if used together with
+ the control statement `%no-protection'.
+
+
+General Parameters:
+
+Key-Type: ALGO
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a required
+ parameter. ALGO may either be an OpenPGP algorithm number or a
+ string with the algorithm name. The special value `default' may
+ be used for ALGO to create the default key type; in this case a
+ `Key-Usage' shall not be given and `default' also be used for
+ `Subkey-Type'.
+
+Key-Length: NBITS
+ The requested length of the generated key in bits. The default is
+ returned by running the command `gpg2 --gpgconf-list'.
+
+Key-Grip: HEXSTRING
+ This is optional and used to generate a CSR or certificate for an
+ already existing key. Key-Length will be ignored when given.
+
+Key-Usage: USAGE-LIST
+ Space or comma delimited list of key usages. Allowed values are
+ `encrypt', `sign', and `auth'. This is used to generate the key
+ flags. Please make sure that the algorithm is capable of this
+ usage. Note that OpenPGP requires that all primary keys are
+ capable of certification, so no matter what usage is given here,
+ the `cert' flag will be on. If no `Key-Usage' is specified and
+ the `Key-Type' is not `default', all allowed usages for that
+ particular algorithm are used; if it is not given but `default' is
+ used the usage will be `sign'.
+
+Subkey-Type: ALGO
+ This generates a secondary key (subkey). Currently only one subkey
+ can be handled. See also `Key-Type' above.
+
+Subkey-Length: NBITS
+ Length of the secondary key (subkey) in bits. The default is
+ returned by running the command `gpg2 --gpgconf-list'".
+
+Subkey-Usage: USAGE-LIST
+ Key usage lists for a subkey; similar to `Key-Usage'.
+
+Passphrase: STRING
+ If you want to specify a passphrase for the secret key, enter it
+ here. Default is not to use any passphrase.
+
+Name-Real: NAME
+Name-Comment: COMMENT
+Name-Email: EMAIL
+ The three parts of a user name. Remember to use UTF-8 encoding
+ here. If you don't give any of them, no user ID is created.
+
+Expire-Date: ISO-DATE|(NUMBER[d|w|m|y])
+ Set the expiration date for the key (and the subkey). It may
+ either be entered in ISO date format (2000-08-15) or as number of
+ days, weeks, month or years. The special notation "seconds=N" is
+ also allowed to directly give an Epoch value. Without a letter
+ days are assumed. Note that there is no check done on the
+ overflow of the type used by OpenPGP for timestamps. Thus you
+ better make sure that the given value make sense. Although
+ OpenPGP works with time intervals, GnuPG uses an absolute value
+ internally and thus the last year we can represent is 2105.
+
+Ceation-Date: ISO-DATE
+ Set the creation date of the key as stored in the key information
+ and which is also part of the fingerprint calculation. Either a
+ date like "1986-04-26" or a full timestamp like "19860426T042640"
+ may be used. The time is considered to be UTC. If it is not
+ given the current time is used.
+
+Preferences: STRING
+ Set the cipher, hash, and compression preference values for this
+ key. This expects the same type of string as the sub-command
+ `setpref' in the `--edit-key' menu.
+
+Revoker: ALGO:FPR [sensitive]
+ Add a designated revoker to the generated key. Algo is the public
+ key algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
+ FPR is the fingerprint of the designated revoker. The optional
+ `sensitive' flag marks the designated revoker as sensitive
+ information. Only v4 keys may be designated revokers.
+
+Keyserver: STRING
+ This is an optional parameter that specifies the preferred
+ keyserver URL for the key.
+
+Handle: STRING
+ This is an optional parameter only used with the status lines
+ KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
+ characters and should not contain spaces. It is useful for batch
+ key generation to associate a key parameter block with a status
+ line.
+
+
+Here is an example on how to create a key:
+ $ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+ EOF
+ $ gpg2 --batch --gen-key foo
+ [...]
+ $ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+ /home/wk/work/gnupg-stable/scratch/foo.sec
+ ------------------------------------------
+ sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
+ ssb 1024g/8F70E2C0 2000-03-09
+
+If you want to create a key with the default algorithms you would use
+these parameters:
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+
+
+File: gnupg.info, Node: Invoking GPGSM, Next: Invoking SCDAEMON, Prev: Invoking GPG, Up: Top
+
+4 Invoking GPGSM
+****************
+
+`gpgsm' is a tool similar to `gpg' to provide digital encryption and
+signing services on X.509 certificates and the CMS protocol. It is
+mainly used as a backend for S/MIME mail processing. `gpgsm' includes
+a full featured certificate management and complies with all rules
+defined for the German Sphinx project.
+
+ *Note Option Index::, for an index to `GPGSM''s commands and options.
+
+* Menu:
+
+* GPGSM Commands:: List of all commands.
+* GPGSM Options:: List of all options.
+* GPGSM Configuration:: Configuration files.
+* GPGSM Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage:: Using `gpgsm' from other programs.
+* GPGSM Protocol:: The protocol the server mode uses.
+
+
+File: gnupg.info, Node: GPGSM Commands, Next: GPGSM Options, Up: Invoking GPGSM
+
+4.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+* Menu:
+
+* General GPGSM Commands:: Commands not specific to the functionality.
+* Operational GPGSM Commands:: Commands to select the type of operation.
+* Certificate Management:: How to manage certificates.
+
+
+File: gnupg.info, Node: General GPGSM Commands, Next: Operational GPGSM Commands, Up: GPGSM Commands
+
+4.1.1 Commands not specific to the function
+-------------------------------------------
+
+`--version'
+ Print the program version and licensing information. Note that you
+ cannot abbreviate this command.
+
+`--help, -h'
+ Print a usage message summarizing the most useful command-line
+ options. Note that you cannot abbreviate this command.
+
+`--warranty'
+ Print warranty information. Note that you cannot abbreviate this
+ command.
+
+`--dump-options'
+ Print a list of all available options and commands. Note that you
+ cannot abbreviate this command.
+
+
+File: gnupg.info, Node: Operational GPGSM Commands, Next: Certificate Management, Prev: General GPGSM Commands, Up: GPGSM Commands
+
+4.1.2 Commands to select the type of operation
+----------------------------------------------
+
+`--encrypt'
+ Perform an encryption. The keys the data is encrypted too must be
+ set using the option `--recipient'.
+
+`--decrypt'
+ Perform a decryption; the type of input is automatically
+ determined. It may either be in binary form or PEM encoded;
+ automatic determination of base-64 encoding is not done.
+
+`--sign'
+ Create a digital signature. The key used is either the fist one
+ found in the keybox or those set with the `--local-user' option.
+
+`--verify'
+ Check a signature file for validity. Depending on the arguments a
+ detached signature may also be checked.
+
+`--server'
+ Run in server mode and wait for commands on the `stdin'.
+
+`--call-dirmngr COMMAND [ARGS]'
+ Behave as a Dirmngr client issuing the request COMMAND with the
+ optional list of ARGS. The output of the Dirmngr is printed
+ stdout. Please note that file names given as arguments should
+ have an absolute file name (i.e. commencing with `/' because they
+ are passed verbatim to the Dirmngr and the working directory of the
+ Dirmngr might not be the same as the one of this client.
+ Currently it is not possible to pass data via stdin to the
+ Dirmngr. COMMAND should not contain spaces.
+
+ This is command is required for certain maintaining tasks of the
+ dirmngr where a dirmngr must be able to call back to `gpgsm'. See
+ the Dirmngr manual for details.
+
+`--call-protect-tool ARGUMENTS'
+ Certain maintenance operations are done by an external program call
+ `gpg-protect-tool'; this is usually not installed in a directory
+ listed in the PATH variable. This command provides a simple
+ wrapper to access this tool. ARGUMENTS are passed verbatim to
+ this command; use `--help' to get a list of supported operations.
+
+
+
+File: gnupg.info, Node: Certificate Management, Prev: Operational GPGSM Commands, Up: GPGSM Commands
+
+4.1.3 How to manage the certificates and keys
+---------------------------------------------
+
+`--gen-key'
+ -This command allows the creation of a certificate signing
+ request. It -is commonly used along with the `--output' option to
+ save the -created CSR into a file. If used with the `--batch' a
+ parameter -file is used to create the CSR.
+
+`--list-keys'
+`-k'
+ List all available certificates stored in the local key database.
+ Note that the displayed data might be reformatted for better human
+ readability and illegal characters are replaced by safe
+ substitutes.
+
+`--list-secret-keys'
+`-K'
+ List all available certificates for which a corresponding a secret
+ key is available.
+
+`--list-external-keys PATTERN'
+ List certificates matching PATTERN using an external server. This
+ utilizes the `dirmngr' service.
+
+`--list-chain'
+ Same as `--list-keys' but also prints all keys making up the chain.
+
+`--dump-cert'
+`--dump-keys'
+ List all available certificates stored in the local key database
+ using a format useful mainly for debugging.
+
+`--dump-chain'
+ Same as `--dump-keys' but also prints all keys making up the chain.
+
+`--dump-secret-keys'
+ List all available certificates for which a corresponding a secret
+ key is available using a format useful mainly for debugging.
+
+`--dump-external-keys PATTERN'
+ List certificates matching PATTERN using an external server. This
+ utilizes the `dirmngr' service. It uses a format useful mainly
+ for debugging.
+
+`--keydb-clear-some-cert-flags'
+ This is a debugging aid to reset certain flags in the key database
+ which are used to cache certain certificate stati. It is
+ especially useful if a bad CRL or a weird running OCSP responder
+ did accidentally revoke certificate. There is no security issue
+ with this command because `gpgsm' always make sure that the
+ validity of a certificate is checked right before it is used.
+
+`--delete-keys PATTERN'
+ Delete the keys matching PATTERN. Note that there is no command
+ to delete the secret part of the key directly. In case you need
+ to do this, you should run the command `gpgsm --dump-secret-keys
+ KEYID' before you delete the key, copy the string of hex-digits in
+ the "keygrip" line and delete the file consisting of these
+ hex-digits and the suffix `.key' from the `private-keys-v1.d'
+ directory below our GnuPG home directory (usually `~/.gnupg').
+
+`--export [PATTERN]'
+ Export all certificates stored in the Keybox or those specified by
+ the optional PATTERN. Those pattern consist of a list of user ids
+ (*note how-to-specify-a-user-id::). When used along with the
+ `--armor' option a few informational lines are prepended before
+ each block. There is one limitation: As there is no commonly
+ agreed upon way to pack more than one certificate into an ASN.1
+ structure, the binary export (i.e. without using `armor') works
+ only for the export of one certificate. Thus it is required to
+ specify a PATTERN which yields exactly one certificate. Ephemeral
+ certificate are only exported if all PATTERN are given as
+ fingerprints or keygrips.
+
+`--export-secret-key-p12 KEY-ID'
+ Export the private key and the certificate identified by KEY-ID in
+ a PKCS#12 format. When using along with the `--armor' option a few
+ informational lines are prepended to the output. Note, that the
+ PKCS#12 format is not very secure and this command is only
+ provided if there is no other way to exchange the private key.
+ (*note option --p12-charset::)
+
+`--import [FILES]'
+ Import the certificates from the PEM or binary encoded files as
+ well as from signed-only messages. This command may also be used
+ to import a secret key from a PKCS#12 file.
+
+`--learn-card'
+ Read information about the private keys from the smartcard and
+ import the certificates from there. This command utilizes the
+ `gpg-agent' and in turn the `scdaemon'.
+
+`--passwd USER_ID'
+ Change the passphrase of the private key belonging to the
+ certificate specified as USER_ID. Note, that changing the
+ passphrase/PIN of a smartcard is not yet supported.
+
+
+
+File: gnupg.info, Node: GPGSM Options, Next: GPGSM Configuration, Prev: GPGSM Commands, Up: Invoking GPGSM
+
+4.2 Option Summary
+==================
+
+`GPGSM' features a bunch of options to control the exact behaviour and
+to change the default configuration.
+
+* Menu:
+
+* Configuration Options:: How to change the configuration.
+* Certificate Options:: Certificate related options.
+* Input and Output:: Input and Output.
+* CMS Options:: How to change how the CMS is created.
+* Esoteric Options:: Doing things one usually do not want to do.
+
+
+File: gnupg.info, Node: Configuration Options, Next: Certificate Options, Up: GPGSM Options
+
+4.2.1 How to change the configuration
+-------------------------------------
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+`--options FILE'
+ Reads configuration from FILE instead of from the default per-user
+ configuration file. The default configuration file is named
+ `gpgsm.conf' and expected in the `.gnupg' directory directly below
+ the home directory of the user.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`-v'
+
+`--verbose'
+ Outputs additional information while running. You can increase
+ the verbosity by giving several verbose commands to `gpgsm', such
+ as `-vv'.
+
+`--policy-file FILENAME'
+ Change the default name of the policy file to FILENAME.
+
+`--agent-program FILE'
+ Specify an agent program to be used for secret key operations. The
+ default value is the `/usr/local/bin/gpg-agent'. This is only used
+ as a fallback when the environment variable `GPG_AGENT_INFO' is not
+ set or a running agent cannot be connected.
+
+`--dirmngr-program FILE'
+ Specify a dirmngr program to be used for CRL checks. The default
+ value is `/usr/sbin/dirmngr'. This is only used as a fallback
+ when the environment variable `DIRMNGR_INFO' is not set or a
+ running dirmngr cannot be connected.
+
+`--prefer-system-dirmngr'
+ If a system wide `dirmngr' is running in daemon mode, first try to
+ connect to this one. Fallback to a pipe based server if this does
+ not work. Under Windows this option is ignored because the system
+ dirmngr is always used.
+
+`--disable-dirmngr'
+ Entirely disable the use of the Dirmngr.
+
+`--no-secmem-warning'
+ Do not print a warning when the so called "secure memory" cannot
+ be used.
+
+`--log-file FILE'
+ When running in server mode, append all logging output to FILE.
+
+
+
+File: gnupg.info, Node: Certificate Options, Next: Input and Output, Prev: Configuration Options, Up: GPGSM Options
+
+4.2.2 Certificate related options
+---------------------------------
+
+`--enable-policy-checks'
+`--disable-policy-checks'
+ By default policy checks are enabled. These options may be used to
+ change it.
+
+`--enable-crl-checks'
+`--disable-crl-checks'
+ By default the CRL checks are enabled and the DirMngr is used to
+ check for revoked certificates. The disable option is most useful
+ with an off-line network connection to suppress this check.
+
+`--enable-trusted-cert-crl-check'
+`--disable-trusted-cert-crl-check'
+ By default the CRL for trusted root certificates are checked like
+ for any other certificates. This allows a CA to revoke its own
+ certificates voluntary without the need of putting all ever issued
+ certificates into a CRL. The disable option may be used to switch
+ this extra check off. Due to the caching done by the Dirmngr,
+ there will not be any noticeable performance gain. Note, that
+ this also disables possible OCSP checks for trusted root
+ certificates. A more specific way of disabling this check is by
+ adding the "relax" keyword to the root CA line of the
+ `trustlist.txt'
+
+`--force-crl-refresh'
+ Tell the dirmngr to reload the CRL for each request. For better
+ performance, the dirmngr will actually optimize this by suppressing
+ the loading for short time intervals (e.g. 30 minutes). This option
+ is useful to make sure that a fresh CRL is available for
+ certificates hold in the keybox. The suggested way of doing this
+ is by using it along with the option `--with-validation' for a key
+ listing command. This option should not be used in a
+ configuration file.
+
+`--enable-ocsp'
+`--disable-ocsp'
+ By default OCSP checks are disabled. The enable option may be
+ used to enable OCSP checks via Dirmngr. If CRL checks are also
+ enabled, CRLs will be used as a fallback if for some reason an
+ OCSP request will not succeed. Note, that you have to allow OCSP
+ requests in Dirmngr's configuration too (option `--allow-ocsp')
+ and configure Dirmngr properly. If you do not do so you will get
+ the error code `Not supported'.
+
+`--auto-issuer-key-retrieve'
+ If a required certificate is missing while validating the chain of
+ certificates, try to load that certificate from an external
+ location. This usually means that Dirmngr is employed to search
+ for the certificate. Note that this option makes a "web bug" like
+ behavior possible. LDAP server operators can see which keys you
+ request, so by sending you a message signed by a brand new key
+ (which you naturally will not have on your local keybox), the
+ operator can tell both your IP address and the time when you
+ verified the signature.
+
+`--validation-model NAME'
+ This option changes the default validation model. The only
+ possible values are "shell" (which is the default), "chain" which
+ forces the use of the chain model and "steed" for a new simplified
+ model. The chain model is also used if an option in the
+ `trustlist.txt' or an attribute of the certificate requests it.
+ However the standard model (shell) is in that case always tried
+ first.
+
+`--ignore-cert-extension OID'
+ Add OID to the list of ignored certificate extensions. The OID is
+ expected to be in dotted decimal form, like `2.5.29.3'. This
+ option may be used more than once. Critical flagged certificate
+ extensions matching one of the OIDs in the list are treated as if
+ they are actually handled and thus the certificate will not be
+ rejected due to an unknown critical extension. Use this option
+ with care because extensions are usually flagged as critical for a
+ reason.
+
+
+
+File: gnupg.info, Node: Input and Output, Next: CMS Options, Prev: Certificate Options, Up: GPGSM Options
+
+4.2.3 Input and Output
+----------------------
+
+`--armor'
+`-a'
+ Create PEM encoded output. Default is binary output.
+
+`--base64'
+ Create Base-64 encoded output; i.e. PEM without the header lines.
+
+`--assume-armor'
+ Assume the input data is PEM encoded. Default is to autodetect the
+ encoding but this is may fail.
+
+`--assume-base64'
+ Assume the input data is plain base-64 encoded.
+
+`--assume-binary'
+ Assume the input data is binary encoded.
+
+`--p12-charset NAME'
+ `gpgsm' uses the UTF-8 encoding when encoding passphrases for
+ PKCS#12 files. This option may be used to force the passphrase to
+ be encoded in the specified encoding NAME. This is useful if the
+ application used to import the key uses a different encoding and
+ thus will not be able to import a file generated by `gpgsm'.
+ Commonly used values for NAME are `Latin1' and `CP850'. Note that
+ `gpgsm' itself automagically imports any file with a passphrase
+ encoded to the most commonly used encodings.
+
+`--default-key USER_ID'
+ Use USER_ID as the standard key for signing. This key is used if
+ no other key has been defined as a signing key. Note, that the
+ first `--local-users' option also sets this key if it has not yet
+ been set; however `--default-key' always overrides this.
+
+`--local-user USER_ID'
+
+`-u USER_ID'
+ Set the user(s) to be used for signing. The default is the first
+ secret key found in the database.
+
+`--recipient NAME'
+`-r'
+ Encrypt to the user id NAME. There are several ways a user id may
+ be given (*note how-to-specify-a-user-id::).
+
+`--output FILE'
+`-o FILE'
+ Write output to FILE. The default is to write it to stdout.
+
+`--with-key-data'
+ Displays extra information with the `--list-keys' commands.
+ Especially a line tagged `grp' is printed which tells you the
+ keygrip of a key. This string is for example used as the file
+ name of the secret key.
+
+`--with-validation'
+ When doing a key listing, do a full validation check for each key
+ and print the result. This is usually a slow operation because it
+ requires a CRL lookup and other operations.
+
+ When used along with -import, a validation of the certificate to
+ import is done and only imported if it succeeds the test. Note
+ that this does not affect an already available certificate in the
+ DB. This option is therefore useful to simply verify a
+ certificate.
+
+`--with-md5-fingerprint'
+ For standard key listings, also print the MD5 fingerprint of the
+ certificate.
+
+`--with-keygrip'
+ Include the keygrip in standard key listings. Note that the
+ keygrip is always listed in -with-colons mode.
+
+
+
+File: gnupg.info, Node: CMS Options, Next: Esoteric Options, Prev: Input and Output, Up: GPGSM Options
+
+4.2.4 How to change how the CMS is created.
+-------------------------------------------
+
+`--include-certs N'
+ Using N of -2 includes all certificate except for the root cert,
+ -1 includes all certs, 0 does not include any certs, 1 includes
+ only the signers cert and all other positive values include up to N
+ certificates starting with the signer cert. The default is -2.
+
+`--cipher-algo OID'
+ Use the cipher algorithm with the ASN.1 object identifier OID for
+ encryption. For convenience the strings `3DES', `AES' and
+ `AES256' may be used instead of their OIDs. The default is `3DES'
+ (1.2.840.113549.3.7).
+
+`--digest-algo `name''
+ Use `name' as the message digest algorithm. Usually this
+ algorithm is deduced from the respective signing certificate. This
+ option forces the use of the given algorithm and may lead to severe
+ interoperability problems.
+
+
+
+File: gnupg.info, Node: Esoteric Options, Prev: CMS Options, Up: GPGSM Options
+
+4.2.5 Doing things one usually do not want to do.
+-------------------------------------------------
+
+`--extra-digest-algo NAME'
+ Sometimes signatures are broken in that they announce a different
+ digest algorithm than actually used. `gpgsm' uses a one-pass data
+ processing model and thus needs to rely on the announced digest
+ algorithms to properly hash the data. As a workaround this option
+ may be used to tell gpg to also hash the data using the algorithm
+ NAME; this slows processing down a little bit but allows to verify
+ such broken signatures. If `gpgsm' prints an error like "digest
+ algo 8 has not been enabled" you may want to try this option, with
+ `SHA256' for NAME.
+
+`--faked-system-time EPOCH'
+ This option is only useful for testing; it sets the system time
+ back or forth to EPOCH which is the number of seconds elapsed
+ since the year 1970. Alternatively EPOCH may be given as a full
+ ISO time string (e.g. "20070924T154812").
+
+`--with-ephemeral-keys'
+ Include ephemeral flagged keys in the output of key listings. Note
+ that they are included anyway if the key specification for a
+ listing is given as fingerprint or keygrip.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or by a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+`--debug FLAGS'
+ This option is only useful for debugging and the behaviour may
+ change at any time without notice; using `--debug-levels' is the
+ preferred method to select the debug verbosity. FLAGS are bit
+ encoded and may be given in usual C-Syntax. The currently defined
+ bits are:
+
+ `0 (1)'
+ X.509 or OpenPGP protocol related data
+
+ `1 (2)'
+ values of big number integers
+
+ `2 (4)'
+ low level crypto operations
+
+ `5 (32)'
+ memory allocation
+
+ `6 (64)'
+ caching
+
+ `7 (128)'
+ show memory statistics.
+
+ `9 (512)'
+ write hashed data to files named `dbgmd-000*'
+
+ `10 (1024)'
+ trace Assuan protocol
+
+ Note, that all flags set using this option may get overridden by
+ `--debug-level'.
+
+`--debug-all'
+ Same as `--debug=0xffffffff'
+
+`--debug-allow-core-dump'
+ Usually `gpgsm' tries to avoid dumping core by well written code
+ and by disabling core dumps for security reasons. However, bugs
+ are pretty durable beasts and to squash them it is sometimes
+ useful to have a core dump. This option enables core dumps unless
+ the Bad Thing happened before the option parsing.
+
+`--debug-no-chain-validation'
+ This is actually not a debugging option but only useful as such.
+ It lets `gpgsm' bypass all certificate chain validation checks.
+
+`--debug-ignore-expiration'
+ This is actually not a debugging option but only useful as such.
+ It lets `gpgsm' ignore all notAfter dates, this is used by the
+ regression tests.
+
+`--fixed-passphrase STRING'
+ Supply the passphrase STRING to the gpg-protect-tool. This option
+ is only useful for the regression tests included with this package
+ and may be revised or removed at any time without notice.
+
+`--no-common-certs-import'
+ Suppress the import of common certificates on keybox creation.
+
+
+ All the long options may also be given in the configuration file
+after stripping off the two leading dashes.
+
+
+File: gnupg.info, Node: GPGSM Configuration, Next: GPGSM Examples, Prev: GPGSM Options, Up: Invoking GPGSM
+
+4.3 Configuration files
+=======================
+
+There are a few configuration files to control certain aspects of
+`gpgsm''s operation. Unless noted, they are expected in the current
+home directory (*note option --homedir::).
+
+`gpgsm.conf'
+ This is the standard configuration file read by `gpgsm' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This default name may be changed on the command line (*note option
+ --options::). You should backup this file.
+
+`policies.txt'
+ This is a list of allowed CA policies. This file should list the
+ object identifiers of the policies line by line. Empty lines and
+ lines starting with a hash mark are ignored. Policies missing in
+ this file and not marked as critical in the certificate will print
+ only a warning; certificates with policies marked as critical and
+ not listed in this file will fail the signature verification. You
+ should backup this file.
+
+ For example, to allow only the policy 2.289.9.9, the file should
+ look like this:
+
+ # Allowed policies
+ 2.289.9.9
+
+`qualified.txt'
+ This is the list of root certificates used for qualified
+ certificates. They are defined as certificates capable of
+ creating legally binding signatures in the same way as handwritten
+ signatures are. Comments start with a hash mark and empty lines
+ are ignored. Lines do have a length limit but this is not a
+ serious limitation as the format of the entries is fixed and
+ checked by gpgsm: A non-comment line starts with optional
+ whitespace, followed by exactly 40 hex character, white space and
+ a lowercased 2 letter country code. Additional data delimited with
+ by a white space is current ignored but might late be used for
+ other purposes.
+
+ Note that even if a certificate is listed in this file, this does
+ not mean that the certificate is trusted; in general the
+ certificates listed in this file need to be listed also in
+ `trustlist.txt'.
+
+ This is a global file an installed in the data directory (e.g.
+ `/usr/share/gnupg/qualified.txt'). GnuPG installs a suitable file
+ with root certificates as used in Germany. As new Root-CA
+ certificates may be issued over time, these entries may need to be
+ updated; new distributions of this software should come with an
+ updated list but it is still the responsibility of the
+ Administrator to check that this list is correct.
+
+ Everytime `gpgsm' uses a certificate for signing or verification
+ this file will be consulted to check whether the certificate under
+ question has ultimately been issued by one of these CAs. If this
+ is the case the user will be informed that the verified signature
+ represents a legally binding ("qualified") signature. When
+ creating a signature using such a certificate an extra prompt will
+ be issued to let the user confirm that such a legally binding
+ signature shall really be created.
+
+ Because this software has not yet been approved for use with such
+ certificates, appropriate notices will be shown to indicate this
+ fact.
+
+`help.txt'
+ This is plain text file with a few help entries used with
+ `pinentry' as well as a large list of help items for `gpg' and
+ `gpgsm'. The standard file has English help texts; to install
+ localized versions use filenames like `help.LL.txt' with LL
+ denoting the locale. GnuPG comes with a set of predefined help
+ files in the data directory (e.g. `/usr/share/gnupg/help.de.txt')
+ and allows overriding of any help item by help files stored in the
+ system configuration directory (e.g. `/etc/gnupg/help.de.txt').
+ For a reference of the help file's syntax, please see the installed
+ `help.txt' file.
+
+`com-certs.pem'
+ This file is a collection of common certificates used to populated
+ a newly created `pubring.kbx'. An administrator may replace this
+ file with a custom one. The format is a concatenation of PEM
+ encoded X.509 certificates. This global file is installed in the
+ data directory (e.g. `/usr/share/gnupg/com-certs.pem').
+
+
+ Note that on larger installations, it is useful to put predefined
+files into the directory `/etc/skel/.gnupg/' so that newly created users
+start up with a working configuration. For existing users a small
+helper script is provided to create these files (*note addgnupghome::).
+
+ For internal purposes gpgsm creates and maintains a few other files;
+they all live in in the current home directory (*note option
+--homedir::). Only `gpgsm' may modify these files.
+
+`pubring.kbx'
+ This a database file storing the certificates as well as meta
+ information. For debugging purposes the tool `kbxutil' may be
+ used to show the internal structure of this file. You should
+ backup this file.
+
+`random_seed'
+ This content of this file is used to maintain the internal state
+ of the random number generator across invocations. The same file
+ is used by other programs of this software too.
+
+`S.gpg-agent'
+ If this file exists and the environment variable `GPG_AGENT_INFO'
+ is not set, `gpgsm' will first try to connect to this socket for
+ accessing `gpg-agent' before starting a new `gpg-agent' instance.
+ Under Windows this socket (which in reality be a plain file
+ describing a regular TCP listening port) is the standard way of
+ connecting the `gpg-agent'.
+
+
+
+File: gnupg.info, Node: GPGSM Examples, Next: Unattended Usage, Prev: GPGSM Configuration, Up: Invoking GPGSM
+
+4.4 Examples
+============
+
+ $ gpgsm -er goo@bar.net <plaintext >ciphertext
+
+
+File: gnupg.info, Node: Unattended Usage, Next: GPGSM Protocol, Prev: GPGSM Examples, Up: Invoking GPGSM
+
+4.5 Unattended Usage
+====================
+
+`gpgsm' is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. This is most likely used with the `--server' command
+but may also be used in the standard operation mode by using the
+`--status-fd' option.
+
+* Menu:
+
+* Automated signature checking:: Automated signature checking.
+* CSR and certificate creation:: CSR and certificate creation.
+
+
+File: gnupg.info, Node: Automated signature checking, Up: Unattended Usage
+
+4.6 Automated signature checking
+================================
+
+It is very important to understand the semantics used with signature
+verification. Checking a signature is not as simple as it may sound and
+so the operation is a bit complicated. In most cases it is required to
+look at several status lines. Here is a table of all cases a signed
+message may have:
+
+The signature is valid
+ This does mean that the signature has been successfully verified,
+ the certificates are all sane. However there are two subcases with
+ important information: One of the certificates may have expired
+ or a signature of a message itself as expired. It is a sound
+ practise to consider such a signature still as valid but
+ additional information should be displayed. Depending on the
+ subcase `gpgsm' will issue these status codes:
+ signature valid and nothing did expire
+ `GOODSIG', `VALIDSIG', `TRUST_FULLY'
+
+ signature valid but at least one certificate has expired
+ `EXPKEYSIG', `VALIDSIG', `TRUST_FULLY'
+
+ signature valid but expired
+ `EXPSIG', `VALIDSIG', `TRUST_FULLY' Note, that this case is
+ currently not implemented.
+
+The signature is invalid
+ This means that the signature verification failed (this is an
+ indication of af a transfer error, a program error or tampering
+ with the message). `gpgsm' issues one of these status codes
+ sequences:
+ ``BADSIG''
+
+ ``GOODSIG', `VALIDSIG' `TRUST_NEVER''
+
+Error verifying a signature
+ For some reason the signature could not be verified, i.e. it
+ cannot be decided whether the signature is valid or invalid. A
+ common reason for this is a missing certificate.
+
+
+
+File: gnupg.info, Node: CSR and certificate creation, Up: Unattended Usage
+
+4.7 CSR and certificate creation
+================================
+
+*Please notice*: The immediate creation of certificates is only
+supported by GnuPG version 2.1 or later. With a 2.0 version you may
+only create a CSR.
+
+The command `--gen-key' may be used along with the option `--batch' to
+either create a certificate signing request (CSR) or an X.509
+certificate. The is controlled by a parameter file; the format of this
+file is as follows:
+
+ * Text only, line length is limited to about 1000 characters.
+
+ * UTF-8 encoding must be used to specify non-ASCII characters.
+
+ * Empty lines are ignored.
+
+ * Leading and trailing while space is ignored.
+
+ * A hash sign as the first non white space character indicates a
+ comment line.
+
+ * Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+
+ * Parameters are specified by a keyword, followed by a colon.
+ Arguments are separated by white space.
+
+ * The first parameter must be `Key-Type', control statements may be
+ placed anywhere.
+
+ * The order of the parameters does not matter except for `Key-Type'
+ which must be the first parameter. The parameters are only used
+ for the generated CSR/certificate; parameters from previous sets
+ are not used. Some syntactically checks may be performed.
+
+ * Key generation takes place when either the end of the parameter
+ file is reached, the next `Key-Type' parameter is encountered or
+ at the control statement `%commit' is encountered.
+
+Control statements:
+
+%echo TEXT
+ Print TEXT as diagnostic.
+
+%dry-run
+ Suppress actual key generation (useful for syntax checking).
+
+%commit
+ Perform the key generation. Note that an implicit commit is done
+ at the next Key-Type parameter.
+
+
+General Parameters:
+
+Key-Type: ALGO
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a required
+ parameter. The only supported value for ALGO is `rsa'.
+
+Key-Length: NBITS
+ The requested length of a generated key in bits. Defaults to 2048.
+
+Key-Grip: HEXSTRING
+ This is optional and used to generate a CSR or certificatet for an
+ already existing key. Key-Length will be ignored when given.
+
+Key-Usage: USAGE-LIST
+ Space or comma delimited list of key usage, allowed values are
+ `encrypt', `sign' and `cert'. This is used to generate the
+ keyUsage extension. Please make sure that the algorithm is
+ capable of this usage. Default is to allow encrypt and sign.
+
+Name-DN: SUBJECT-NAME
+ This is the Distinguished Name (DN) of the subject in RFC-2253
+ format.
+
+Name-Email: STRING
+ This is an email address for the altSubjectName. This parameter is
+ optional but may occur several times to add several email
+ addresses to a certificate.
+
+Name-DNS: STRING
+ The is an DNS name for the altSubjectName. This parameter is
+ optional but may occur several times to add several DNS names to a
+ certificate.
+
+Name-URI: STRING
+ This is an URI for the altSubjectName. This parameter is optional
+ but may occur several times to add several URIs to a certificate.
+
+Additional parameters used to create a certificate (in contrast to a
+certificate signing request):
+
+Serial: SN
+ If this parameter is given an X.509 certificate will be generated.
+ SN is expected to be a hex string representing an unsigned integer
+ of arbitary length. The special value `random' can be used to
+ create a 64 bit random serial number.
+
+Issuer-DN: ISSUER-NAME
+ This is the DN name of the issuer in rfc2253 format. If it is not
+ set it will default to the subject DN and a special GnuPG
+ extension will be included in the certificate to mark it as a
+ standalone certificate.
+
+Creation-Date: ISO-DATE
+Not-Before: ISO-DATE
+ Set the notBefore date of the certificate. Either a date like
+ `1986-04-26' or `1986-04-26 12:00' or a standard ISO timestamp
+ like `19860426T042640' may be used. The time is considered to be
+ UTC. If it is not given the current date is used.
+
+Expire-Date: ISO-DATE
+Not-After: ISO-DATE
+ Set the notAfter date of the certificate. Either a date like
+ `2063-04-05' or `2063-04-05 17:00' or a standard ISO timestamp
+ like `20630405T170000' may be used. The time is considered to be
+ UTC. If it is not given a default value in the not too far future
+ is used.
+
+Signing-Key: KEYGRIP
+ This gives the keygrip of the key used to sign the certificate.
+ If it is not given a self-signed certificate will be created. For
+ compatibility with future versions, it is suggested to prefix the
+ keygrip with a `&'.
+
+Hash-Algo: HASH-ALGO
+ Use HASH-ALGO for this CSR or certificate. The supported hash
+ algorithms are: `sha1', `sha256', `sha384' and `sha512'; they may
+ also be specified with uppercase letters. The default is `sha1'.
+
+
+
+File: gnupg.info, Node: GPGSM Protocol, Prev: Unattended Usage, Up: Invoking GPGSM
+
+4.8 The Protocol the Server Mode Uses.
+======================================
+
+Description of the protocol used to access `GPGSM'. `GPGSM' does
+implement the Assuan protocol and in addition provides a regular
+command line interface which exhibits a full client to this protocol
+(but uses internal linking). To start `gpgsm' as a server the command
+line the option `--server' must be used. Additional options are
+provided to select the communication method (i.e. the name of the
+socket).
+
+ We assume that the connection has already been established; see the
+Assuan manual for details.
+
+* Menu:
+
+* GPGSM ENCRYPT:: Encrypting a message.
+* GPGSM DECRYPT:: Decrypting a message.
+* GPGSM SIGN:: Signing a message.
+* GPGSM VERIFY:: Verifying a message.
+* GPGSM GENKEY:: Generating a key.
+* GPGSM LISTKEYS:: List available keys.
+* GPGSM EXPORT:: Export certificates.
+* GPGSM IMPORT:: Import certificates.
+* GPGSM DELETE:: Delete certificates.
+* GPGSM GETINFO:: Information about the process
+
+
+File: gnupg.info, Node: GPGSM ENCRYPT, Next: GPGSM DECRYPT, Up: GPGSM Protocol
+
+4.8.1 Encrypting a Message
+--------------------------
+
+Before encryption can be done the recipient must be set using the
+command:
+
+ RECIPIENT USERID
+
+ Set the recipient for the encryption. USERID should be the internal
+representation of the key; the server may accept any other way of
+specification. If this is a valid and trusted recipient the server
+does respond with OK, otherwise the return is an ERR with the reason why
+the recipient cannot be used, the encryption will then not be done for
+this recipient. If the policy is not to encrypt at all if not all
+recipients are valid, the client has to take care of this. All
+`RECIPIENT' commands are cumulative until a `RESET' or an successful
+`ENCRYPT' command.
+
+ INPUT FD[=N] [--armor|--base64|--binary]
+
+ Set the file descriptor for the message to be encrypted to N.
+Obviously the pipe must be open at that point, the server establishes
+its own end. If the server returns an error the client should consider
+this session failed. If N is not given, this commands uses the last
+file descriptor passed to the application. *Note the assuan_sendfd
+function: (assuan)fun-assuan_sendfd, on how to do descriptor passing.
+
+ The `--armor' option may be used to advice the server that the input
+data is in PEM format, `--base64' advices that a raw base-64 encoding
+is used, `--binary' advices of raw binary input (BER). If none of
+these options is used, the server tries to figure out the used
+encoding, but this may not always be correct.
+
+ OUTPUT FD[=N] [--armor|--base64]
+
+ Set the file descriptor to be used for the output (i.e. the encrypted
+message). Obviously the pipe must be open at that point, the server
+establishes its own end. If the server returns an error he client
+should consider this session failed.
+
+ The option armor encodes the output in PEM format, the `--base64'
+option applies just a base 64 encoding. No option creates binary
+output (BER).
+
+ The actual encryption is done using the command
+
+ ENCRYPT
+
+ It takes the plaintext from the `INPUT' command, writes to the
+ciphertext to the file descriptor set with the `OUTPUT' command, take
+the recipients from all the recipients set so far. If this command
+fails the clients should try to delete all output currently done or
+otherwise mark it as invalid. `GPGSM' does ensure that there will not
+be any security problem with leftover data on the output in this case.
+
+ This command should in general not fail, as all necessary checks have
+been done while setting the recipients. The input and output pipes are
+closed.
+
+
+File: gnupg.info, Node: GPGSM DECRYPT, Next: GPGSM SIGN, Prev: GPGSM ENCRYPT, Up: GPGSM Protocol
+
+4.8.2 Decrypting a message
+--------------------------
+
+Input and output FDs are set the same way as in encryption, but `INPUT'
+refers to the ciphertext and output to the plaintext. There is no need
+to set recipients. `GPGSM' automatically strips any S/MIME headers
+from the input, so it is valid to pass an entire MIME part to the INPUT
+pipe.
+
+ The encryption is done by using the command
+
+ DECRYPT
+
+ It performs the decrypt operation after doing some check on the
+internal state. (e.g. that all needed data has been set). Because it
+utilizes the GPG-Agent for the session key decryption, there is no need
+to ask the client for a protecting passphrase - GpgAgent takes care of
+this by requesting this from the user.
+
+
+File: gnupg.info, Node: GPGSM SIGN, Next: GPGSM VERIFY, Prev: GPGSM DECRYPT, Up: GPGSM Protocol
+
+4.8.3 Signing a Message
+-----------------------
+
+Signing is usually done with these commands:
+
+ INPUT FD[=N] [--armor|--base64|--binary]
+
+ This tells `GPGSM' to read the data to sign from file descriptor N.
+
+ OUTPUT FD[=M] [--armor|--base64]
+
+ Write the output to file descriptor M. If a detached signature is
+requested, only the signature is written.
+
+ SIGN [--detached]
+
+ Sign the data set with the INPUT command and write it to the sink
+set by OUTPUT. With `--detached', a detached signature is created
+(surprise).
+
+ The key used for signing is the default one or the one specified in
+the configuration file. To get finer control over the keys, it is
+possible to use the command
+
+ SIGNER USERID
+
+ to the signer's key. USERID should be the internal representation
+of the key; the server may accept any other way of specification. If
+this is a valid and trusted recipient the server does respond with OK,
+otherwise the return is an ERR with the reason why the key cannot be
+used, the signature will then not be created using this key. If the
+policy is not to sign at all if not all keys are valid, the client has
+to take care of this. All `SIGNER' commands are cumulative until a
+`RESET' is done. Note that a `SIGN' does not reset this list of
+signers which is in contrats to the `RECIPIENT' command.
+
+
+File: gnupg.info, Node: GPGSM VERIFY, Next: GPGSM GENKEY, Prev: GPGSM SIGN, Up: GPGSM Protocol
+
+4.8.4 Verifying a Message
+-------------------------
+
+To verify a mesage the command:
+
+ VERIFY
+
+ is used. It does a verify operation on the message send to the input
+FD. The result is written out using status lines. If an output FD was
+given, the signed text will be written to that. If the signature is a
+detached one, the server will inquire about the signed material and the
+client must provide it.
+
+
+File: gnupg.info, Node: GPGSM GENKEY, Next: GPGSM LISTKEYS, Prev: GPGSM VERIFY, Up: GPGSM Protocol
+
+4.8.5 Generating a Key
+----------------------
+
+This is used to generate a new keypair, store the secret part in the
+PSE and the public key in the key database. We will probably add
+optional commands to allow the client to select whether a hardware
+token is used to store the key. Configuration options to `GPGSM' can
+be used to restrict the use of this command.
+
+ GENKEY
+
+ `GPGSM' checks whether this command is allowed and then does an
+INQUIRY to get the key parameters, the client should then send the key
+parameters in the native format:
+
+ S: INQUIRE KEY_PARAM native
+ C: D foo:fgfgfg
+ C: D bar
+ C: END
+
+ Please note that the server may send Status info lines while reading
+the data lines from the client. After this the key generation takes
+place and the server eventually does send an ERR or OK response.
+Status lines may be issued as a progress indicator.
+
+
+File: gnupg.info, Node: GPGSM LISTKEYS, Next: GPGSM EXPORT, Prev: GPGSM GENKEY, Up: GPGSM Protocol
+
+4.8.6 List available keys
+-------------------------
+
+To list the keys in the internal database or using an external key
+provider, the command:
+
+ LISTKEYS PATTERN
+
+ is used. To allow multiple patterns (which are ORed during the
+search) quoting is required: Spaces are to be translated into "+" or
+into "%20"; in turn this requires that the usual escape quoting rules
+are done.
+
+ LISTSECRETKEYS PATTERN
+
+ Lists only the keys where a secret key is available.
+
+ The list commands commands are affected by the option
+
+ OPTION list-mode=MODE
+
+ where mode may be:
+`0'
+ Use default (which is usually the same as 1).
+
+`1'
+ List only the internal keys.
+
+`2'
+ List only the external keys.
+
+`3'
+ List internal and external keys.
+
+ Note that options are valid for the entire session.
+
+
+File: gnupg.info, Node: GPGSM EXPORT, Next: GPGSM IMPORT, Prev: GPGSM LISTKEYS, Up: GPGSM Protocol
+
+4.8.7 Export certificates
+-------------------------
+
+To export certificate from the internal key database the command:
+
+ EXPORT [--data [--armor] [--base64]] [--] PATTERN
+
+ is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+ If the `--data' option has not been given, the format of the output
+depends on what was set with the OUTPUT command. When using PEM
+encoding a few informational lines are prepended.
+
+ If the `--data' has been given, a target set via OUTPUT is ignored
+and the data is returned inline using standard `D'-lines. This avoids
+the need for an extra file descriptor. In this case the options
+`--armor' and `--base64' may be used in the same way as with the OUTPUT
+command.
+
+
+File: gnupg.info, Node: GPGSM IMPORT, Next: GPGSM DELETE, Prev: GPGSM EXPORT, Up: GPGSM Protocol
+
+4.8.8 Import certificates
+-------------------------
+
+To import certificates into the internal key database, the command
+
+ IMPORT [--re-import]
+
+ is used. The data is expected on the file descriptor set with the
+`INPUT' command. Certain checks are performed on the certificate.
+Note that the code will also handle PKCS#12 files and import private
+keys; a helper program is used for that.
+
+ With the option `--re-import' the input data is expected to a be a
+linefeed separated list of fingerprints. The command will re-import
+the corresponding certificates; that is they are made permanent by
+removing their ephemeral flag.
+
+
+File: gnupg.info, Node: GPGSM DELETE, Next: GPGSM GETINFO, Prev: GPGSM IMPORT, Up: GPGSM Protocol
+
+4.8.9 Delete certificates
+-------------------------
+
+To delete a certificate the command
+
+ DELKEYS PATTERN
+
+ is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+ The certificates must be specified unambiguously otherwise an error
+is returned.
+
+
+File: gnupg.info, Node: GPGSM GETINFO, Prev: GPGSM DELETE, Up: GPGSM Protocol
+
+4.8.10 Return information about the process
+-------------------------------------------
+
+This is a multipurpose function to return a variety of information.
+
+ GETINFO WHAT
+
+ The value of WHAT specifies the kind of information returned:
+`version'
+ Return the version of the program.
+
+`pid'
+ Return the process id of the process.
+
+`agent-check'
+ Return success if the agent is running.
+
+`cmd_has_option CMD OPT'
+ Return success if the command CMD implements the option OPT. The
+ leading two dashes usually used with OPT shall not be given.
+
+
+File: gnupg.info, Node: Invoking SCDAEMON, Next: Specify a User ID, Prev: Invoking GPGSM, Up: Top
+
+5 Invoking the SCDAEMON
+***********************
+
+The `scdaemon' is a daemon to manage smartcards. It is usually invoked
+by `gpg-agent' and in general not used directly.
+
+ *Note Option Index::, for an index to `scdaemon''s commands and
+options.
+
+* Menu:
+
+* Scdaemon Commands:: List of all commands.
+* Scdaemon Options:: List of all options.
+* Card applications:: Description of card applications.
+* Scdaemon Configuration:: Configuration files.
+* Scdaemon Examples:: Some usage examples.
+* Scdaemon Protocol:: The protocol the daemon uses.
+
+
+File: gnupg.info, Node: Scdaemon Commands, Next: Scdaemon Options, Up: Invoking SCDAEMON
+
+5.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+`--version'
+ Print the program version and licensing information. Not that you
+ can abbreviate this command.
+
+`--help, -h'
+ Print a usage message summarizing the most useful command-line
+ options. Not that you can abbreviate this command.
+
+`--dump-options'
+ Print a list of all available options and commands. Not that you
+ can abbreviate this command.
+
+`--server'
+ Run in server mode and wait for commands on the `stdin'. This is
+ default mode is to create a socket and listen for commands there.
+
+`--multi-server'
+ Run in server mode and wait for commands on the `stdin' as well as
+ on an additional Unix Domain socket. The server command `GETINFO'
+ may be used to get the name of that extra socket.
+
+`--daemon'
+ Run the program in the background. This option is required to
+ prevent it from being accidentally running in the background.
+
+
+
+File: gnupg.info, Node: Scdaemon Options, Next: Card applications, Prev: Scdaemon Commands, Up: Invoking SCDAEMON
+
+5.2 Option Summary
+==================
+
+`--options FILE'
+ Reads configuration from FILE instead of from the default per-user
+ configuration file. The default configuration file is named
+ `scdaemon.conf' and expected in the `.gnupg' directory directly
+ below the home directory of the user.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`-v'
+
+`--verbose'
+ Outputs additional information while running. You can increase
+ the verbosity by giving several verbose commands to `gpgsm', such
+ as `-vv'.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+ Note: All debugging options are subject to change and thus
+ should not be used by any application program. As the name
+ says, they are only used as helpers to debug problems.
+
+`--debug FLAGS'
+ This option is only useful for debugging and the behaviour may
+ change at any time without notice. FLAGS are bit encoded and may
+ be given in usual C-Syntax. The currently defined bits are:
+
+ `0 (1)'
+ command I/O
+
+ `1 (2)'
+ values of big number integers
+
+ `2 (4)'
+ low level crypto operations
+
+ `5 (32)'
+ memory allocation
+
+ `6 (64)'
+ caching
+
+ `7 (128)'
+ show memory statistics.
+
+ `9 (512)'
+ write hashed data to files named `dbgmd-000*'
+
+ `10 (1024)'
+ trace Assuan protocol. See also option
+ `--debug-assuan-log-cats'.
+
+ `11 (2048)'
+ trace APDU I/O to the card. This may reveal sensitive data.
+
+ `12 (4096)'
+ trace some card reader related function calls.
+
+`--debug-all'
+ Same as `--debug=0xffffffff'
+
+`--debug-wait N'
+ When running in server mode, wait N seconds before entering the
+ actual processing loop and print the pid. This gives time to
+ attach a debugger.
+
+`--debug-ccid-driver'
+ Enable debug output from the included CCID driver for smartcards.
+ Using this option twice will also enable some tracing of the T=1
+ protocol. Note that this option may reveal sensitive data.
+
+`--debug-disable-ticker'
+ This option disables all ticker functions like checking for card
+ insertions.
+
+`--debug-allow-core-dump'
+ For security reasons we won't create a core dump when the process
+ aborts. For debugging purposes it is sometimes better to allow
+ core dump. This options enables it and also changes the working
+ directory to `/tmp' when running in `--server' mode.
+
+`--debug-log-tid'
+ This option appends a thread ID to the PID in the log output.
+
+`--debug-assuan-log-cats CATS'
+ Changes the active Libassuan logging categories to CATS. The
+ value for CATS is an unsigned integer given in usual C-Syntax. A
+ value of of 0 switches to a default category. If this option is
+ not used the categories are taken from the environment variable
+ `ASSUAN_DEBUG'. Note that this option has only an effect if the
+ Assuan debug flag has also been with the option `--debug'. For a
+ list of categories see the Libassuan manual.
+
+`--no-detach'
+ Don't detach the process from the console. This is mainly useful
+ for debugging.
+
+`--log-file FILE'
+ Append all logging output to FILE. This is very helpful in seeing
+ what the agent actually does.
+
+`--pcsc-driver LIBRARY'
+ Use LIBRARY to access the smartcard reader. The current default
+ is `libpcsclite.so'. Instead of using this option you might also
+ want to install a symbolic link to the default file name (e.g.
+ from `libpcsclite.so.1').
+
+`--ctapi-driver LIBRARY'
+ Use LIBRARY to access the smartcard reader. The current default
+ is `libtowitoko.so'. Note that the use of this interface is
+ deprecated; it may be removed in future releases.
+
+`--disable-ccid'
+ Disable the integrated support for CCID compliant readers. This
+ allows to fall back to one of the other drivers even if the
+ internal CCID driver can handle the reader. Note, that CCID
+ support is only available if libusb was available at build time.
+
+`--reader-port NUMBER_OR_STRING'
+ This option may be used to specify the port of the card terminal.
+ A value of 0 refers to the first serial device; add 32768 to
+ access USB devices. The default is 32768 (first USB device).
+ PC/SC or CCID readers might need a string here; run the program in
+ verbose mode to get a list of available readers. The default is
+ then the first reader found.
+
+ To get a list of available CCID readers you may use this command:
+ echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
+
+`--card-timeout N'
+ If N is not 0 and no client is actively using the card, the card
+ will be powered down after N seconds. Powering down the card
+ avoids a potential risk of damaging a card when used with certain
+ cheap readers. This also allows non Scdaemon aware applications to
+ access the card. The disadvantage of using a card timeout is that
+ accessing the card takes longer and that the user needs to enter
+ the PIN again after the next power up.
+
+ Note that with the current version of Scdaemon the card is powered
+ down immediately at the next timer tick for any value of N other
+ than 0.
+
+`--disable-keypad'
+ Even if a card reader features a keypad, do not try to use it.
+
+`--deny-admin'
+ This option disables the use of admin class commands for card
+ applications where this is supported. Currently we support it for
+ the OpenPGP card. This commands is useful to inhibit accidental
+ access to admin class command which could ultimately lock the card
+ through wrong PIN numbers. Note that GnuPG versions older than
+ 2.0.11 featured an `--allow-admin' command which was required to
+ use such admin commands. This option has no more effect today
+ because the default is now to allow admin commands.
+
+`--disable-application NAME'
+ This option disables the use of the card application named NAME.
+ This is mainly useful for debugging or if a application with lower
+ priority should be used by default.
+
+
+ All the long options may also be given in the configuration file
+after stripping off the two leading dashes.
+
+
+File: gnupg.info, Node: Card applications, Next: Scdaemon Configuration, Prev: Scdaemon Options, Up: Invoking SCDAEMON
+
+5.3 Description of card applications
+====================================
+
+`scdaemon' supports the card applications as described below.
+
+* Menu:
+
+* OpenPGP Card:: The OpenPGP card application
+* NKS Card:: The Telesec NetKey card application
+* DINSIG Card:: The DINSIG card application
+* PKCS#15 Card:: The PKCS#15 card application
+* Geldkarte Card:: The Geldkarte application
+* Undefined Card:: The Undefined stub application
+
+
+File: gnupg.info, Node: OpenPGP Card, Next: NKS Card, Up: Card applications
+
+5.3.1 The OpenPGP card application "openpgp"
+--------------------------------------------
+
+This application is currently only used by `gpg' but may in future also
+be useful with `gpgsm'. Version 1 and version 2 of the card is
+supported.
+
+ The specifications for these cards are available at
+`http://g10code.com/docs/openpgp-card-1.0.pdf' and
+`http://g10code.com/docs/openpgp-card-2.0.pdf'.
+
+
+File: gnupg.info, Node: NKS Card, Next: DINSIG Card, Prev: OpenPGP Card, Up: Card applications
+
+5.3.2 The Telesec NetKey card "nks"
+-----------------------------------
+
+This is the main application of the Telesec cards as available in
+Germany. It is a superset of the German DINSIG card. The card is used
+by `gpgsm'.
+
+
+File: gnupg.info, Node: DINSIG Card, Next: PKCS#15 Card, Prev: NKS Card, Up: Card applications
+
+5.3.3 The DINSIG card application "dinsig"
+------------------------------------------
+
+This is an application as described in the German draft standard _DIN V
+66291-1_. It is intended to be used by cards supporting the German
+signature law and its bylaws (SigG and SigV).
+
+
+File: gnupg.info, Node: PKCS#15 Card, Next: Geldkarte Card, Prev: DINSIG Card, Up: Card applications
+
+5.3.4 The PKCS#15 card application "p15"
+----------------------------------------
+
+This is common framework for smart card applications. It is used by
+`gpgsm'.
+
+
+File: gnupg.info, Node: Geldkarte Card, Next: Undefined Card, Prev: PKCS#15 Card, Up: Card applications
+
+5.3.5 The Geldkarte card application "geldkarte"
+------------------------------------------------
+
+This is a simple application to display information of a German
+Geldkarte. The Geldkarte is a small amount debit card application which
+comes with almost all German banking cards.
+
+
+File: gnupg.info, Node: Undefined Card, Prev: Geldkarte Card, Up: Card applications
+
+5.3.6 The Undefined card application "undefined"
+------------------------------------------------
+
+This is a stub application to allow the use of the APDU command even if
+no supported application is found on the card. This application is not
+used automatically but must be explicitly requested using the SERIALNO
+command.
+
+
+File: gnupg.info, Node: Scdaemon Configuration, Next: Scdaemon Examples, Prev: Card applications, Up: Invoking SCDAEMON
+
+5.4 Configuration files
+=======================
+
+There are a few configuration files to control certain aspects of
+`scdaemons''s operation. Unless noted, they are expected in the current
+home directory (*note option --homedir::).
+
+`scdaemon.conf'
+ This is the standard configuration file read by `scdaemon' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This default name may be changed on the command line (*note option
+ --options::).
+
+`scd-event'
+ If this file is present and executable, it will be called on veyer
+ card reader's status changed. An example of this script is
+ provided with the distribution
+
+`reader_N.status'
+ This file is created by `sdaemon' to let other applications now
+ about reader status changes. Its use is now deprecated in favor of
+ `scd-event'.
+
+
+
+File: gnupg.info, Node: Scdaemon Examples, Next: Scdaemon Protocol, Prev: Scdaemon Configuration, Up: Invoking SCDAEMON
+
+5.5 Examples
+============
+
+ $ scdaemon --server -v
+
+
+File: gnupg.info, Node: Scdaemon Protocol, Prev: Scdaemon Examples, Up: Invoking SCDAEMON
+
+5.6 Scdaemon's Assuan Protocol
+==============================
+
+The SC-Daemon should be started by the system to provide access to
+external tokens. Using Smartcards on a multi-user system does not make
+much sense expect for system services, but in this case no regular user
+accounts are hosted on the machine.
+
+ A client connects to the SC-Daemon by connecting to the socket named
+`/var/run/scdaemon/socket', configuration information is read from
+/ETC/SCDAEMON.CONF
+
+ Each connection acts as one session, SC-Daemon takes care of
+synchronizing access to a token between sessions.
+
+* Menu:
+
+* Scdaemon SERIALNO:: Return the serial number.
+* Scdaemon LEARN:: Read all useful information from the card.
+* Scdaemon READCERT:: Return a certificate.
+* Scdaemon READKEY:: Return a public key.
+* Scdaemon PKSIGN:: Signing data with a Smartcard.
+* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
+* Scdaemon GETATTR:: Read an attribute's value.
+* Scdaemon SETATTR:: Update an attribute's value.
+* Scdaemon WRITEKEY:: Write a key to a card.
+* Scdaemon GENKEY:: Generate a new key on-card.
+* Scdaemon RANDOM:: Return random bytes generate on-card.
+* Scdaemon PASSWD:: Change PINs.
+* Scdaemon CHECKPIN:: Perform a VERIFY operation.
+* Scdaemon RESTART:: Restart connection
+* Scdaemon APDU:: Send a verbatim APDU to the card
+
+
+File: gnupg.info, Node: Scdaemon SERIALNO, Next: Scdaemon LEARN, Up: Scdaemon Protocol
+
+5.6.1 Return the serial number
+------------------------------
+
+This command should be used to check for the presence of a card. It is
+special in that it can be used to reset the card. Most other commands
+will return an error when a card change has been detected and the use of
+this function is therefore required.
+
+ Background: We want to keep the client clear of handling card changes
+between operations; i.e. the client can assume that all operations are
+done on the same card unless he call this function.
+
+ SERIALNO
+
+ Return the serial number of the card using a status response like:
+
+ S SERIALNO D27600000000000000000000 0
+
+ The trailing 0 should be ignored for now, it is reserved for a future
+extension. The serial number is the hex encoded value identified by
+the `0x5A' tag in the GDO file (FIX=0x2F02).
+
+
+File: gnupg.info, Node: Scdaemon LEARN, Next: Scdaemon READCERT, Prev: Scdaemon SERIALNO, Up: Scdaemon Protocol
+
+5.6.2 Read all useful information from the card
+-----------------------------------------------
+
+ LEARN [--force]
+
+ Learn all useful information of the currently inserted card. When
+used without the force options, the command might do an INQUIRE like
+this:
+
+ INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
+
+ The client should just send an `END' if the processing should go on
+or a `CANCEL' to force the function to terminate with a cancel error
+message. The response of this command is a list of status lines
+formatted as this:
+
+ S KEYPAIRINFO HEXSTRING_WITH_KEYGRIP HEXSTRING_WITH_ID
+
+ If there is no certificate yet stored on the card a single "X" is
+returned in HEXSTRING_WITH_KEYGRIP.
+
+
+File: gnupg.info, Node: Scdaemon READCERT, Next: Scdaemon READKEY, Prev: Scdaemon LEARN, Up: Scdaemon Protocol
+
+5.6.3 Return a certificate
+--------------------------
+
+ READCERT HEXIFIED_CERTID|KEYID
+
+ This function is used to read a certificate identified by
+HEXIFIED_CERTID from the card. With OpenPGP cards the keyid
+`OpenPGP.3' may be used to rad the certificate of version 2 cards.
+
+
+File: gnupg.info, Node: Scdaemon READKEY, Next: Scdaemon PKSIGN, Prev: Scdaemon READCERT, Up: Scdaemon Protocol
+
+5.6.4 Return a public key
+-------------------------
+
+ READKEY HEXIFIED_CERTID
+
+ Return the public key for the given cert or key ID as an standard
+S-Expression.
+
+
+File: gnupg.info, Node: Scdaemon PKSIGN, Next: Scdaemon PKDECRYPT, Prev: Scdaemon READKEY, Up: Scdaemon Protocol
+
+5.6.5 Signing data with a Smartcard
+-----------------------------------
+
+To sign some data the caller should use the command
+
+ SETDATA HEXSTRING
+
+ to tell `scdaemon' about the data to be signed. The data must be
+given in hex notation. The actual signing is done using the command
+
+ PKSIGN KEYID
+
+ where KEYID is the hexified ID of the key to be used. The key id
+may have been retrieved using the command `LEARN'. If another hash
+algorithm than SHA-1 is used, that algorithm may be given like:
+
+ PKSIGN --hash=ALGONAME KEYID
+
+ With ALGONAME are one of `sha1', `rmd160' or `md5'.
+
+
+File: gnupg.info, Node: Scdaemon PKDECRYPT, Next: Scdaemon GETATTR, Prev: Scdaemon PKSIGN, Up: Scdaemon Protocol
+
+5.6.6 Decrypting data with a Smartcard
+--------------------------------------
+
+To decrypt some data the caller should use the command
+
+ SETDATA HEXSTRING
+
+ to tell `scdaemon' about the data to be decrypted. The data must be
+given in hex notation. The actual decryption is then done using the
+command
+
+ PKDECRYPT KEYID
+
+ where KEYID is the hexified ID of the key to be used.
+
+
+File: gnupg.info, Node: Scdaemon GETATTR, Next: Scdaemon SETATTR, Prev: Scdaemon PKDECRYPT, Up: Scdaemon Protocol
+
+5.6.7 Read an attribute's value.
+--------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon SETATTR, Next: Scdaemon WRITEKEY, Prev: Scdaemon GETATTR, Up: Scdaemon Protocol
+
+5.6.8 Update an attribute's value.
+----------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon WRITEKEY, Next: Scdaemon GENKEY, Prev: Scdaemon SETATTR, Up: Scdaemon Protocol
+
+5.6.9 Write a key to a card.
+----------------------------
+
+ WRITEKEY [--force] KEYID
+
+ This command is used to store a secret key on a smartcard. The
+allowed keyids depend on the currently selected smartcard application.
+The actual keydata is requested using the inquiry `KEYDATA' and need to
+be provided without any protection. With `--force' set an existing key
+under this KEYID will get overwritten. The key data is expected to be
+the usual canonical encoded S-expression.
+
+ A PIN will be requested in most cases. This however depends on the
+actual card application.
+
+
+File: gnupg.info, Node: Scdaemon GENKEY, Next: Scdaemon RANDOM, Prev: Scdaemon WRITEKEY, Up: Scdaemon Protocol
+
+5.6.10 Generate a new key on-card.
+----------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon RANDOM, Next: Scdaemon PASSWD, Prev: Scdaemon GENKEY, Up: Scdaemon Protocol
+
+5.6.11 Return random bytes generate on-card.
+--------------------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon PASSWD, Next: Scdaemon CHECKPIN, Prev: Scdaemon RANDOM, Up: Scdaemon Protocol
+
+5.6.12 Change PINs.
+-------------------
+
+ PASSWD [--reset] [--nullpin] CHVNO
+
+ Change the PIN or reset the retry counter of the card holder
+verification vector number CHVNO. The option `--nullpin' is used to
+initialize the PIN of TCOS cards (6 byte NullPIN only).
+
+
+File: gnupg.info, Node: Scdaemon CHECKPIN, Next: Scdaemon RESTART, Prev: Scdaemon PASSWD, Up: Scdaemon Protocol
+
+5.6.13 Perform a VERIFY operation.
+----------------------------------
+
+ CHECKPIN IDSTR
+
+ Perform a VERIFY operation without doing anything else. This may be
+used to initialize a the PIN cache earlier to long lasting operations.
+Its use is highly application dependent:
+
+*OpenPGP*
+ Perform a simple verify operation for CHV1 and CHV2, so that
+ further operations won't ask for CHV2 and it is possible to do a
+ cheap check on the PIN: If there is something wrong with the PIN
+ entry system, only the regular CHV will get blocked and not the
+ dangerous CHV3. IDSTR is the usual card's serial number in hex
+ notation; an optional fingerprint part will get ignored.
+
+ There is however a special mode if IDSTR is suffixed with the
+ literal string `[CHV3]': In this case the Admin PIN is checked if
+ and only if the retry counter is still at 3.
+
+
+
+File: gnupg.info, Node: Scdaemon RESTART, Next: Scdaemon APDU, Prev: Scdaemon CHECKPIN, Up: Scdaemon Protocol
+
+5.6.14 Perform a RESTART operation.
+-----------------------------------
+
+ RESTART
+
+ Restart the current connection; this is a kind of warm reset. It
+deletes the context used by this connection but does not actually reset
+the card.
+
+ This is used by gpg-agent to reuse a primary pipe connection and may
+be used by clients to backup from a conflict in the serial command;
+i.e. to select another application.
+
+
+File: gnupg.info, Node: Scdaemon APDU, Prev: Scdaemon RESTART, Up: Scdaemon Protocol
+
+5.6.15 Send a verbatim APDU to the card.
+----------------------------------------
+
+ APDU [--atr] [--more] [--exlen[=N]] [HEXSTRING]
+
+ Send an APDU to the current reader. This command bypasses the high
+level functions and sends the data directly to the card. HEXSTRING is
+expected to be a proper APDU. If HEXSTRING is not given no commands
+are send to the card; However the command will implicitly check whether
+the card is ready for use.
+
+ Using the option `--atr' returns the ATR of the card as a status
+message before any data like this:
+ S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
+
+ Using the option `--more' handles the card status word MORE_DATA
+(61xx) and concatenate all responses to one block.
+
+ Using the option `--exlen' the returned APDU may use extended length
+up to N bytes. If N is not given a default value is used (currently
+4096).
+
+
+File: gnupg.info, Node: Specify a User ID, Next: Helper Tools, Prev: Invoking SCDAEMON, Up: Top
+
+6 How to Specify a User Id
+**************************
+
+There are different ways to specify a user ID to GnuPG. Some of them
+are only valid for `gpg' others are only good for `gpgsm'. Here is the
+entire list of ways to specify a key:
+
+ * By key Id. This format is deduced from the length of the string
+ and its content or `0x' prefix. The key Id of an X.509 certificate
+ are the low 64 bits of its SHA-1 fingerprint. The use of key Ids
+ is just a shortcut, for all automated processing the fingerprint
+ should be used.
+
+ When using `gpg' an exclamation mark (!) may be appended to force
+ using the specified primary or secondary key and not to try and
+ calculate which primary or secondary key to use.
+
+ The last four lines of the example give the key ID in their long
+ form as internally used by the OpenPGP protocol. You can see the
+ long key ID using the option `--with-colons'.
+
+ 234567C4
+ 0F34E556E
+ 01347A56A
+ 0xAB123456
+
+ 234AABBCC34567C4
+ 0F323456784E56EAB
+ 01AB3FED1347A5612
+ 0x234AABBCC34567C4
+
+ * By fingerprint. This format is deduced from the length of the
+ string and its content or the `0x' prefix. Note, that only the 20
+ byte version fingerprint is available with `gpgsm' (i.e. the SHA-1
+ hash of the certificate).
+
+ When using `gpg' an exclamation mark (!) may be appended to force
+ using the specified primary or secondary key and not to try and
+ calculate which primary or secondary key to use.
+
+ The best way to specify a key Id is by using the fingerprint. This
+ avoids any ambiguities in case that there are duplicated key IDs.
+
+ 1234343434343434C434343434343434
+ 123434343434343C3434343434343734349A3434
+ 0E12343434343434343434EAB3484343434343434
+ 0xE12343434343434343434EAB3484343434343434
+
+ (`gpgsm' also accepts colons between each pair of hexadecimal
+ digits because this is the de-facto standard on how to present
+ X.509 fingerprints.)
+
+ * By exact match on OpenPGP user ID. This is denoted by a leading
+ equal sign. It does not make sense for X.509 certificates.
+
+ =Heinrich Heine <heinrichh@uni-duesseldorf.de>
+
+ * By exact match on an email address. This is indicated by
+ enclosing the email address in the usual way with left and right
+ angles.
+
+ <heinrichh@uni-duesseldorf.de>
+
+ * By word match. All words must match exactly (not case sensitive)
+ but can appear in any order in the user ID or a subjects name.
+ Words are any sequences of letters, digits, the underscore and all
+ characters with bit 7 set.
+
+ +Heinrich Heine duesseldorf
+
+ * By exact match on the subject's DN. This is indicated by a
+ leading slash, directly followed by the RFC-2253 encoded DN of the
+ subject. Note that you can't use the string printed by "gpgsm
+ -list-keys" because that one as been reordered and modified for
+ better readability; use -with-colons to print the raw (but standard
+ escaped) RFC-2253 string
+
+ /CN=Heinrich Heine,O=Poets,L=Paris,C=FR
+
+ * By exact match on the issuer's DN. This is indicated by a leading
+ hash mark, directly followed by a slash and then directly followed
+ by the rfc2253 encoded DN of the issuer. This should return the
+ Root cert of the issuer. See note above.
+
+ #/CN=Root Cert,O=Poets,L=Paris,C=FR
+
+ * By exact match on serial number and issuer's DN. This is
+ indicated by a hash mark, followed by the hexadecimal
+ representation of the serial number, then followed by a slash and
+ the RFC-2253 encoded DN of the issuer. See note above.
+
+ #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
+
+ * By keygrip This is indicated by an ampersand followed by the 40
+ hex digits of a keygrip. `gpgsm' prints the keygrip when using
+ the command `--dump-cert'. It does not yet work for OpenPGP keys.
+
+ &D75F22C3F86E355877348498CDC92BD21010A480
+
+ * By substring match. This is the default mode but applications may
+ want to explicitly indicate this by putting the asterisk in front.
+ Match is not case sensitive.
+
+ Heine
+ *Heine
+
+
+ Please note that we have reused the hash mark identifier which was
+used in old GnuPG versions to indicate the so called local-id. It is
+not anymore used and there should be no conflict when used with X.509
+stuff.
+
+ Using the RFC-2253 format of DNs has the drawback that it is not
+possible to map them back to the original encoding, however we don't
+have to do this because our key database stores this encoding as meta
+data.
+
+
+File: gnupg.info, Node: Helper Tools, Next: Howtos, Prev: Specify a User ID, Up: Top
+
+7 Helper Tools
+**************
+
+GnuPG comes with a couple of smaller tools:
+
+* Menu:
+
+* watchgnupg:: Read logs from a socket.
+* gpgv:: Verify OpenPGP signatures.
+* addgnupghome:: Create .gnupg home directories.
+* gpgconf:: Modify .gnupg home directories.
+* applygnupgdefaults:: Run gpgconf for all users.
+* gpgsm-gencert.sh:: Generate an X.509 certificate request.
+* gpg-preset-passphrase:: Put a passphrase into the cache.
+* gpg-connect-agent:: Communicate with a running agent.
+* gpgparsemail:: Parse a mail message into an annotated format
+* symcryptrun:: Call a simple symmetric encryption tool.
+* gpg-zip:: Encrypt or sign files into an archive.
+
+
+File: gnupg.info, Node: watchgnupg, Next: gpgv, Up: Helper Tools
+
+7.1 Read logs from a socket
+===========================
+
+Most of the main utilities are able to write their log files to a Unix
+Domain socket if configured that way. `watchgnupg' is a simple
+listener for such a socket. It ameliorates the output with a time stamp
+and makes sure that long lines are not interspersed with log output from
+other utilities. This tool is not available for Windows.
+
+`watchgnupg' is commonly invoked as
+
+ watchgnupg --force ~/.gnupg/S.log
+
+This starts it on the current terminal for listening on the socket
+`~/.gnupg/S.log'.
+
+`watchgnupg' understands these options:
+
+`--force'
+ Delete an already existing socket file.
+
+`--tcp N'
+ Instead of reading from a local socket, listen for connects on TCP
+ port N.
+
+`--verbose'
+ Enable extra informational output.
+
+`--version'
+ Print version of the program and exit.
+
+`--help'
+ Display a brief help page and exit.
+
+
+
+Examples
+********
+
+ $ watchgnupg --force /home/foo/.gnupg/S.log
+
+ This waits for connections on the local socket
+`/home/foo/.gnupg/S.log' and shows all log entries. To make this work
+the option `log-file' needs to be used with all modules which logs are
+to be shown. The value for that option must be given with a special
+prefix (e.g. in the conf file):
+
+ log-file socket:///home/foo/.gnupg/S.log
+
+ For debugging purposes it is also possible to do remote logging.
+Take care if you use this feature because the information is send in the
+clear over the network. Use this syntax in the conf files:
+
+ log-file tcp://192.168.1.1:4711
+
+ You may use any port and not just 4711 as shown above; only IP
+addresses are supported (v4 and v6) and no host names. You need to
+start `watchgnupg' with the `tcp' option. Note that under Windows the
+registry entry HKCU\SOFTWARE\GNU\GNUPG:DEFAULTLOGFILE can be used to
+change the default log output from `stderr' to whatever is given by
+that entry. However the only useful entry is a TCP name for remote
+debugging.
+
+
+File: gnupg.info, Node: gpgv, Next: addgnupghome, Prev: watchgnupg, Up: Helper Tools
+
+7.2 Verify OpenPGP signatures
+=============================
+
+ `gpgv2' is an OpenPGP signature verification tool.
+
+ This program is actually a stripped-down version of `gpg' which is
+only able to check signatures. It is somewhat smaller than the
+fully-blown `gpg' and uses a different (and simpler) way to check that
+the public keys used to make the signature are valid. There are no
+configuration files and only a few options are implemented.
+
+ `gpgv2' assumes that all keys in the keyring are trustworthy. By
+default it uses a keyring named `trustedkeys.gpg' which is assumed to
+be in the home directory as defined by GnuPG or set by an option or an
+environment variable. An option may be used to specify another keyring
+or even multiple keyrings.
+
+
+
+ `gpgv2' recognizes these options:
+
+`--verbose'
+`-v'
+ Gives more information during processing. If used twice, the input
+ data is listed in detail.
+
+`--quiet'
+`-q'
+ Try to be as quiet as possible.
+
+`--keyring FILE'
+ Add FILE to the list of keyrings. If FILE begins with a tilde and
+ a slash, these are replaced by the HOME directory. If the filename
+ does not contain a slash, it is assumed to be in the
+ home-directory ("~/.gnupg" if -homedir is not used).
+
+`--status-fd N'
+ Write special status strings to the file descriptor N. See the
+ file DETAILS in the documentation for a listing of them.
+
+`--logger-fd `n''
+ Write log output to file descriptor `n' and not to stderr.
+
+`--ignore-time-conflict'
+ GnuPG normally checks that the timestamps associated with keys and
+ signatures have plausible values. However, sometimes a signature
+ seems to be older than the key due to clock problems. This option
+ turns these checks into warnings.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+
+ The program returns 0 if everything is fine, 1 if at least one
+signature was bad, and other error codes for fatal errors.
+
+7.2.1 Examples
+--------------
+
+gpgv2 `pgpfile'
+gpgv2 `sigfile' [`datafile']
+ Verify the signature of the file. The second form is used for
+ detached signatures, where `sigfile' is the detached signature
+ (either ASCII-armored or binary) and `datafile' contains the
+ signed data; if `datafile' is "-" the signed data is expected on
+ `stdin'; if `datafile' is not given the name of the file holding
+ the signed data is constructed by cutting off the extension
+ (".asc", ".sig" or ".sign") from `sigfile'.
+
+
+7.2.2 Environment
+-----------------
+
+HOME
+ Used to locate the default home directory.
+
+GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+
+7.2.3 FILES
+-----------
+
+~/.gnupg/trustedkeys.gpg
+ The default keyring with the allowed keys.
+
+
+ `gpg2'(1)
+
+
+File: gnupg.info, Node: addgnupghome, Next: gpgconf, Prev: gpgv, Up: Helper Tools
+
+7.3 Create .gnupg home directories.
+===================================
+
+If GnuPG is installed on a system with existing user accounts, it is
+sometimes required to populate the GnuPG home directory with existing
+files. Especially a `trustlist.txt' and a keybox with some initial
+certificates are often desired. This scripts help to do this by
+copying all files from `/etc/skel/.gnupg' to the home directories of
+the accounts given on the command line. It takes care not to overwrite
+existing GnuPG home directories.
+
+`addgnupghome' is invoked by root as:
+
+ addgnupghome account1 account2 ... accountn
+
+
+File: gnupg.info, Node: gpgconf, Next: applygnupgdefaults, Prev: addgnupghome, Up: Helper Tools
+
+7.4 Modify .gnupg home directories.
+===================================
+
+The `gpgconf' is a utility to automatically and reasonable safely query
+and modify configuration files in the `.gnupg' home directory. It is
+designed not to be invoked manually by the user, but automatically by
+graphical user interfaces (GUI).(1)
+
+ `gpgconf' provides access to the configuration of one or more
+components of the GnuPG system. These components correspond more or
+less to the programs that exist in the GnuPG framework, like GnuPG,
+GPGSM, DirMngr, etc. But this is not a strict one-to-one relationship.
+Not all configuration options are available through `gpgconf'.
+`gpgconf' provides a generic and abstract method to access the most
+important configuration options that can feasibly be controlled via
+such a mechanism.
+
+ `gpgconf' can be used to gather and change the options available in
+each component, and can also provide their default values. `gpgconf'
+will give detailed type information that can be used to restrict the
+user's input without making an attempt to commit the changes.
+
+ `gpgconf' provides the backend of a configuration editor. The
+configuration editor would usually be a graphical user interface
+program, that allows to display the current options, their default
+values, and allows the user to make changes to the options. These
+changes can then be made active with `gpgconf' again. Such a program
+that uses `gpgconf' in this way will be called GUI throughout this
+section.
+
+* Menu:
+
+* Invoking gpgconf:: List of all commands and options.
+* Format conventions:: Formatting conventions relevant for all commands.
+* Listing components:: List all gpgconf components.
+* Checking programs:: Check all programs know to gpgconf.
+* Listing options:: List all options of a component.
+* Changing options:: Changing options of a component.
+* Listing global options:: List all global options.
+* Files used by gpgconf:: What files are used by gpgconf.
+
+ ---------- Footnotes ----------
+
+ (1) Please note that currently no locking is done, so concurrent
+access should be avoided. There are some precautions to avoid
+corruption with concurrent usage, but results may be inconsistent and
+some changes may get lost. The stateless design makes it difficult to
+provide more guarantees.
+
+
+File: gnupg.info, Node: Invoking gpgconf, Next: Format conventions, Up: gpgconf
+
+7.4.1 Invoking gpgconf
+----------------------
+
+One of the following commands must be given:
+
+`--list-components'
+ List all components. This is the default command used if none is
+ specified.
+
+`--check-programs'
+ List all available backend programs and test whether they are
+ runnable.
+
+`--list-options COMPONENT'
+ List all options of the component COMPONENT.
+
+`--change-options COMPONENT'
+ Change the options of the component COMPONENT.
+
+`--check-options COMPONENT'
+ Check the options for the component COMPONENT.
+
+`--apply-defaults'
+ Update all configuration files with values taken from the global
+ configuration file (usually `/etc/gnupg/gpgconf.conf').
+
+`--list-dirs'
+ Lists the directories used by `gpgconf'. One directory is listed
+ per line, and each line consists of a colon-separated list where
+ the first field names the directory type (for example `sysconfdir')
+ and the second field contains the percent-escaped directory.
+ Although they are not directories, the socket file names used by
+ `gpg-agent' and `dirmngr' are printed as well. Note that the
+ socket file names and the `homedir' lines are the default names
+ and they may be overridden by command line switches.
+
+`--list-config [FILENAME]'
+ List the global configuration file in a colon separated format. If
+ FILENAME is given, check that file instead.
+
+`--check-config [FILENAME]'
+ Run a syntax check on the global configuration file. If FILENAME
+ is given, check that file instead.
+
+`--reload [COMPONENT]'
+ Reload all or the given component. This is basically the same as
+ sending a SIGHUP to the component. Components which don't support
+ reloading are ignored.
+
+`--kill [COMPONENT]'
+ Kill the given component. Components which support killing are
+ gpg-agent and scdaemon. Components which don't support reloading
+ are ignored. Note that as of now reload and kill have the same
+ effect for scdaemon.
+
+
+ The following options may be used:
+
+`-v'
+`--verbose'
+ Outputs additional information while running. Specifically, this
+ extends numerical field values by human-readable descriptions.
+
+`-n'
+`--dry-run'
+ Do not actually change anything. This is currently only
+ implemented for `--change-options' and can be used for testing
+ purposes.
+
+`-r'
+`--runtime'
+ Only used together with `--change-options'. If one of the
+ modified options can be changed in a running daemon process, signal
+ the running daemon to ask it to reparse its configuration file
+ after changing.
+
+ This means that the changes will take effect at run-time, as far as
+ this is possible. Otherwise, they will take effect at the next
+ start of the respective backend programs.
+
+
+
+File: gnupg.info, Node: Format conventions, Next: Listing components, Prev: Invoking gpgconf, Up: gpgconf
+
+7.4.2 Format conventions
+------------------------
+
+Some lines in the output of `gpgconf' contain a list of colon-separated
+fields. The following conventions apply:
+
+ * The GUI program is required to strip off trailing newline and/or
+ carriage return characters from the output.
+
+ * `gpgconf' will never leave out fields. If a certain version
+ provides a certain field, this field will always be present in all
+ `gpgconf' versions from that time on.
+
+ * Future versions of `gpgconf' might append fields to the list. New
+ fields will always be separated from the previously last field by
+ a colon separator. The GUI should be prepared to parse the last
+ field it knows about up until a colon or end of line.
+
+ * Not all fields are defined under all conditions. You are required
+ to ignore the content of undefined fields.
+
+ There are several standard types for the content of a field:
+
+verbatim
+ Some fields contain strings that are not escaped in any way. Such
+ fields are described to be used _verbatim_. These fields will
+ never contain a colon character (for obvious reasons). No
+ de-escaping or other formatting is required to use the field
+ content. This is for easy parsing of the output, when it is known
+ that the content can never contain any special characters.
+
+percent-escaped
+ Some fields contain strings that are described to be
+ _percent-escaped_. Such strings need to be de-escaped before
+ their content can be presented to the user. A percent-escaped
+ string is de-escaped by replacing all occurrences of `%XY' by the
+ byte that has the hexadecimal value `XY'. `X' and `Y' are from
+ the set `0-9a-f'.
+
+localised
+ Some fields contain strings that are described to be _localised_.
+ Such strings are translated to the active language and formatted in
+ the active character set.
+
+unsigned number
+ Some fields contain an _unsigned number_. This number will always
+ fit into a 32-bit unsigned integer variable. The number may be
+ followed by a space, followed by a human readable description of
+ that value (if the verbose option is used). You should ignore
+ everything in the field that follows the number.
+
+signed number
+ Some fields contain a _signed number_. This number will always
+ fit into a 32-bit signed integer variable. The number may be
+ followed by a space, followed by a human readable description of
+ that value (if the verbose option is used). You should ignore
+ everything in the field that follows the number.
+
+boolean value
+ Some fields contain a _boolean value_. This is a number with
+ either the value 0 or 1. The number may be followed by a space,
+ followed by a human readable description of that value (if the
+ verbose option is used). You should ignore everything in the
+ field that follows the number; checking just the first character
+ is sufficient in this case.
+
+option
+ Some fields contain an _option_ argument. The format of an option
+ argument depends on the type of the option and on some flags:
+
+ no argument
+ The simplest case is that the option does not take an
+ argument at all (TYPE `0'). Then the option argument is an
+ unsigned number that specifies how often the option occurs.
+ If the `list' flag is not set, then the only valid number is
+ `1'. Options that do not take an argument never have the
+ `default' or `optional arg' flag set.
+
+ number
+ If the option takes a number argument (ALT-TYPE is `2' or
+ `3'), and it can only occur once (`list' flag is not set),
+ then the option argument is either empty (only allowed if the
+ argument is optional), or it is a number. A number is a
+ string that begins with an optional minus character, followed
+ by one or more digits. The number must fit into an integer
+ variable (unsigned or signed, depending on ALT-TYPE).
+
+ number list
+ If the option takes a number argument and it can occur more
+ than once, then the option argument is either empty, or it is
+ a comma-separated list of numbers as described above.
+
+ string
+ If the option takes a string argument (ALT-TYPE is 1), and it
+ can only occur once (`list' flag is not set) then the option
+ argument is either empty (only allowed if the argument is
+ optional), or it starts with a double quote character (`"')
+ followed by a percent-escaped string that is the argument
+ value. Note that there is only a leading double quote
+ character, no trailing one. The double quote character is
+ only needed to be able to differentiate between no value and
+ the empty string as value.
+
+ string list
+ If the option takes a number argument and it can occur more
+ than once, then the option argument is either empty, or it is
+ a comma-separated list of string arguments as described above.
+
+ The active language and character set are currently determined from
+the locale environment of the `gpgconf' program.
+
+
+File: gnupg.info, Node: Listing components, Next: Checking programs, Prev: Format conventions, Up: gpgconf
+
+7.4.3 Listing components
+------------------------
+
+The command `--list-components' will list all components that can be
+configured with `gpgconf'. Usually, one component will correspond to
+one GnuPG-related program and contain the options of that programs
+configuration file that can be modified using `gpgconf'. However, this
+is not necessarily the case. A component might also be a group of
+selected options from several programs, or contain entirely virtual
+options that have a special effect rather than changing exactly one
+option in one configuration file.
+
+ A component is a set of configuration options that semantically
+belong together. Furthermore, several changes to a component can be
+made in an atomic way with a single operation. The GUI could for
+example provide a menu with one entry for each component, or a window
+with one tabulator sheet per component.
+
+ The command argument `--list-components' lists all available
+components, one per line. The format of each line is:
+
+ `NAME:DESCRIPTION:PGMNAME:'
+
+NAME
+ This field contains a name tag of the component. The name tag is
+ used to specify the component in all communication with `gpgconf'.
+ The name tag is to be used _verbatim_. It is thus not in any
+ escaped format.
+
+DESCRIPTION
+ The _string_ in this field contains a human-readable description
+ of the component. It can be displayed to the user of the GUI for
+ informational purposes. It is _percent-escaped_ and _localized_.
+
+PGMNAME
+ The _string_ in this field contains the absolute name of the
+ program's file. It can be used to unambiguously invoke that
+ program. It is _percent-escaped_.
+
+ Example:
+ $ gpgconf --list-components
+ gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
+ gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
+ scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
+ gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
+ dirmngr:Directory Manager:/usr/local/bin/dirmngr:
+
+
+File: gnupg.info, Node: Checking programs, Next: Listing options, Prev: Listing components, Up: gpgconf
+
+7.4.4 Checking programs
+-----------------------
+
+The command `--check-programs' is similar to `--list-components' but
+works on backend programs and not on components. It runs each program
+to test whether it is installed and runnable. This also includes a
+syntax check of all config file options of the program.
+
+ The command argument `--check-programs' lists all available
+programs, one per line. The format of each line is:
+
+ `NAME:DESCRIPTION:PGMNAME:AVAIL:OKAY:CFGFILE:LINE:ERROR:'
+
+NAME
+ This field contains a name tag of the program which is identical
+ to the name of the component. The name tag is to be used
+ _verbatim_. It is thus not in any escaped format. This field may
+ be empty to indicate a continuation of error descriptions for the
+ last name. The description and pgmname fields are then also empty.
+
+DESCRIPTION
+ The _string_ in this field contains a human-readable description
+ of the component. It can be displayed to the user of the GUI for
+ informational purposes. It is _percent-escaped_ and _localized_.
+
+PGMNAME
+ The _string_ in this field contains the absolute name of the
+ program's file. It can be used to unambiguously invoke that
+ program. It is _percent-escaped_.
+
+AVAIL
+ The _boolean value_ in this field indicates whether the program is
+ installed and runnable.
+
+OKAY
+ The _boolean value_ in this field indicates whether the program's
+ config file is syntactically okay.
+
+CFGFILE
+ If an error occurred in the configuration file (as indicated by a
+ false value in the field `okay'), this field has the name of the
+ failing configuration file. It is _percent-escaped_.
+
+LINE
+ If an error occurred in the configuration file, this field has the
+ line number of the failing statement in the configuration file.
+ It is an _unsigned number_.
+
+ERROR
+ If an error occurred in the configuration file, this field has the
+ error text of the failing statement in the configuration file. It
+ is _percent-escaped_ and _localized_.
+
+
+In the following example the `dirmngr' is not runnable and the
+configuration file of `scdaemon' is not okay.
+
+ $ gpgconf --check-programs
+ gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
+ gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
+ scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
+ gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
+ dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
+
+The command `--check-options COMPONENT' will verify the configuration
+file in the same manner as `--check-programs', but only for the
+component COMPONENT.
+
+
+File: gnupg.info, Node: Listing options, Next: Changing options, Prev: Checking programs, Up: gpgconf
+
+7.4.5 Listing options
+---------------------
+
+Every component contains one or more options. Options may be gathered
+into option groups to allow the GUI to give visual hints to the user
+about which options are related.
+
+ The command argument `--list-options COMPONENT' lists all options
+(and the groups they belong to) in the component COMPONENT, one per
+line. COMPONENT must be the string in the field NAME in the output of
+the `--list-components' command.
+
+ There is one line for each option and each group. First come all
+options that are not in any group. Then comes a line describing a
+group. Then come all options that belong into each group. Then comes
+the next group and so on. There does not need to be any group (and in
+this case the output will stop after the last non-grouped option).
+
+ The format of each line is:
+
+`NAME:FLAGS:LEVEL:DESCRIPTION:TYPE:ALT-TYPE:ARGNAME:DEFAULT:ARGDEF:VALUE'
+
+NAME
+ This field contains a name tag for the group or option. The name
+ tag is used to specify the group or option in all communication
+ with `gpgconf'. The name tag is to be used _verbatim_. It is
+ thus not in any escaped format.
+
+FLAGS
+ The flags field contains an _unsigned number_. Its value is the
+ OR-wise combination of the following flag values:
+
+ `group (1)'
+ If this flag is set, this is a line describing a group and
+ not an option.
+
+ The following flag values are only defined for options (that is, if
+ the `group' flag is not used).
+
+ `optional arg (2)'
+ If this flag is set, the argument is optional. This is never
+ set for TYPE `0' (none) options.
+
+ `list (4)'
+ If this flag is set, the option can be given multiple times.
+
+ `runtime (8)'
+ If this flag is set, the option can be changed at runtime.
+
+ `default (16)'
+ If this flag is set, a default value is available.
+
+ `default desc (32)'
+ If this flag is set, a (runtime) default is available. This
+ and the `default' flag are mutually exclusive.
+
+ `no arg desc (64)'
+ If this flag is set, and the `optional arg' flag is set, then
+ the option has a special meaning if no argument is given.
+
+ `no change (128)'
+ If this flag is set, gpgconf ignores requests to change the
+ value. GUI frontends should grey out this option. Note,
+ that manual changes of the configuration files are still
+ possible.
+
+LEVEL
+ This field is defined for options and for groups. It contains an
+ _unsigned number_ that specifies the expert level under which this
+ group or option should be displayed. The following expert levels
+ are defined for options (they have analogous meaning for groups):
+
+ `basic (0)'
+ This option should always be offered to the user.
+
+ `advanced (1)'
+ This option may be offered to advanced users.
+
+ `expert (2)'
+ This option should only be offered to expert users.
+
+ `invisible (3)'
+ This option should normally never be displayed, not even to
+ expert users.
+
+ `internal (4)'
+ This option is for internal use only. Ignore it.
+
+ The level of a group will always be the lowest level of all
+ options it contains.
+
+DESCRIPTION
+ This field is defined for options and groups. The _string_ in
+ this field contains a human-readable description of the option or
+ group. It can be displayed to the user of the GUI for
+ informational purposes. It is _percent-escaped_ and _localized_.
+
+TYPE
+ This field is only defined for options. It contains an _unsigned
+ number_ that specifies the type of the option's argument, if any.
+ The following types are defined:
+
+ Basic types:
+
+ `none (0)'
+ No argument allowed.
+
+ `string (1)'
+ An _unformatted string_.
+
+ `int32 (2)'
+ A _signed number_.
+
+ `uint32 (3)'
+ An _unsigned number_.
+
+ Complex types:
+
+ `pathname (32)'
+ A _string_ that describes the pathname of a file. The file
+ does not necessarily need to exist.
+
+ `ldap server (33)'
+ A _string_ that describes an LDAP server in the format:
+
+ `HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN'
+
+ `key fingerprint (34)'
+ A _string_ with a 40 digit fingerprint specifying a
+ certificate.
+
+ `pub key (35)'
+ A _string_ that describes a certificate by user ID, key ID or
+ fingerprint.
+
+ `sec key (36)'
+ A _string_ that describes a certificate with a key by user ID,
+ key ID or fingerprint.
+
+ `alias list (37)'
+ A _string_ that describes an alias list, like the one used
+ with gpg's group option. The list consists of a key, an
+ equal sign and space separated values.
+
+ More types will be added in the future. Please see the ALT-TYPE
+ field for information on how to cope with unknown types.
+
+ALT-TYPE
+ This field is identical to TYPE, except that only the types `0' to
+ `31' are allowed. The GUI is expected to present the user the
+ option in the format specified by TYPE. But if the argument type
+ TYPE is not supported by the GUI, it can still display the option
+ in the more generic basic type ALT-TYPE. The GUI must support all
+ the defined basic types to be able to display all options. More
+ basic types may be added in future versions. If the GUI
+ encounters a basic type it doesn't support, it should report an
+ error and abort the operation.
+
+ARGNAME
+ This field is only defined for options with an argument type TYPE
+ that is not `0'. In this case it may contain a _percent-escaped_
+ and _localised string_ that gives a short name for the argument.
+ The field may also be empty, though, in which case a short name is
+ not known.
+
+DEFAULT
+ This field is defined only for options for which the `default' or
+ `default desc' flag is set. If the `default' flag is set, its
+ format is that of an _option argument_ (*Note Format
+ conventions::, for details). If the default value is empty, then
+ no default is known. Otherwise, the value specifies the default
+ value for this option. If the `default desc' flag is set, the
+ field is either empty or contains a description of the effect if
+ the option is not given.
+
+ARGDEF
+ This field is defined only for options for which the `optional
+ arg' flag is set. If the `no arg desc' flag is not set, its
+ format is that of an _option argument_ (*Note Format
+ conventions::, for details). If the default value is empty, then
+ no default is known. Otherwise, the value specifies the default
+ argument for this option. If the `no arg desc' flag is set, the
+ field is either empty or contains a description of the effect of
+ this option if no argument is given.
+
+VALUE
+ This field is defined only for options. Its format is that of an
+ _option argument_. If it is empty, then the option is not
+ explicitly set in the current configuration, and the default
+ applies (if any). Otherwise, it contains the current value of the
+ option. Note that this field is also meaningful if the option
+ itself does not take a real argument (in this case, it contains
+ the number of times the option appears).
+
+
+File: gnupg.info, Node: Changing options, Next: Listing global options, Prev: Listing options, Up: gpgconf
+
+7.4.6 Changing options
+----------------------
+
+The command `--change-options COMPONENT' will attempt to change the
+options of the component COMPONENT to the specified values. COMPONENT
+must be the string in the field NAME in the output of the
+`--list-components' command. You have to provide the options that
+shall be changed in the following format on standard input:
+
+ `NAME:FLAGS:NEW-VALUE'
+
+NAME
+ This is the name of the option to change. NAME must be the string
+ in the field NAME in the output of the `--list-options' command.
+
+FLAGS
+ The flags field contains an _unsigned number_. Its value is the
+ OR-wise combination of the following flag values:
+
+ `default (16)'
+ If this flag is set, the option is deleted and the default
+ value is used instead (if applicable).
+
+NEW-VALUE
+ The new value for the option. This field is only defined if the
+ `default' flag is not set. The format is that of an _option
+ argument_. If it is empty (or the field is omitted), the default
+ argument is used (only allowed if the argument is optional for this
+ option). Otherwise, the option will be set to the specified value.
+
+The output of the command is the same as that of `--check-options' for
+the modified configuration file.
+
+ Examples:
+
+ To set the force option, which is of basic type `none (0)':
+
+ $ echo 'force:0:1' | gpgconf --change-options dirmngr
+
+ To delete the force option:
+
+ $ echo 'force:16:' | gpgconf --change-options dirmngr
+
+ The `--runtime' option can influence when the changes take effect.
+
+
+File: gnupg.info, Node: Listing global options, Next: Files used by gpgconf, Prev: Changing options, Up: gpgconf
+
+7.4.7 Listing global options
+----------------------------
+
+Sometimes it is useful for applications to look at the global options
+file `gpgconf.conf'. The colon separated listing format is record
+oriented and uses the first field to identify the record type:
+
+`k'
+ This describes a key record to start the definition of a new
+ ruleset for a user/group. The format of a key record is:
+
+ `k:USER:GROUP:'
+
+ USER
+ This is the user field of the key. It is percent escaped.
+ See the definition of the gpgconf.conf format for details.
+
+ GROUP
+ This is the group field of the key. It is percent escaped.
+
+`r'
+ This describes a rule record. All rule records up to the next key
+ record make up a rule set for that key. The format of a rule
+ record is:
+
+ `r:::COMPONENT:OPTION:FLAGS:VALUE:'
+
+ COMPONENT
+ This is the component part of a rule. It is a plain string.
+
+ OPTION
+ This is the option part of a rule. It is a plain string.
+
+ FLAG
+ This is the flags part of a rule. There may be only one flag
+ per rule but by using the same component and option, several
+ flags may be assigned to an option. It is a plain string.
+
+ VALUE
+ This is the optional value for the option. It is a percent
+ escaped string with a single quotation mark to indicate a
+ string. The quotation mark is only required to distinguish
+ between no value specified and an empty string.
+
+
+Unknown record types should be ignored. Note that there is
+intentionally no feature to change the global option file through
+`gpgconf'.
+
+
+File: gnupg.info, Node: Files used by gpgconf, Prev: Listing global options, Up: gpgconf
+
+7.4.8 Files used by gpgconf
+---------------------------
+
+`/etc/gnupg/gpgconf.conf'
+ If this file exists, it is processed as a global configuration
+ file. A commented example can be found in the `examples'
+ directory of the distribution.
+
+
+File: gnupg.info, Node: applygnupgdefaults, Next: gpgsm-gencert.sh, Prev: gpgconf, Up: Helper Tools
+
+7.5 Run gpgconf for all users.
+==============================
+
+This script is a wrapper around `gpgconf' to run it with the command
+`--apply-defaults' for all real users with an existing GnuPG home
+directory. Admins might want to use this script to update he GnuPG
+configuration files for all users after `/etc/gnupg/gpgconf.conf' has
+been changed. This allows to enforce certain policies for all users.
+Note, that this is not a bulletproof of forcing a user to use certain
+options. A user may always directly edit the configuration files and
+bypass gpgconf.
+
+`applygnupgdefaults' is invoked by root as:
+
+ applygnupgdefaults
+
+
+File: gnupg.info, Node: gpgsm-gencert.sh, Next: gpg-preset-passphrase, Prev: applygnupgdefaults, Up: Helper Tools
+
+7.6 Generate an X.509 certificate request
+=========================================
+
+This is a simple tool to interactively generate a certificate request
+which will be printed to stdout.
+
+`gpgsm-gencert.sh' is invoked as:
+
+ `gpgsm-cencert.sh'
+
+
+File: gnupg.info, Node: gpg-preset-passphrase, Next: gpg-connect-agent, Prev: gpgsm-gencert.sh, Up: Helper Tools
+
+7.7 Put a passphrase into the cache.
+====================================
+
+The `gpg-preset-passphrase' is a utility to seed the internal cache of
+a running `gpg-agent' with passphrases. It is mainly useful for
+unattended machines, where the usual `pinentry' tool may not be used
+and the passphrases for the to be used keys are given at machine
+startup.
+
+ Passphrases set with this utility don't expire unless the `--forget'
+option is used to explicitly clear them from the cache -- or
+`gpg-agent' is either restarted or reloaded (by sending a SIGHUP to
+it). It is necessary to allow this passphrase presetting by starting
+`gpg-agent' with the `--allow-preset-passphrase'.
+
+* Menu:
+
+* Invoking gpg-preset-passphrase:: List of all commands and options.
+
+
+File: gnupg.info, Node: Invoking gpg-preset-passphrase, Up: gpg-preset-passphrase
+
+7.7.1 List of all commands and options.
+---------------------------------------
+
+`gpg-preset-passphrase' is invoked this way:
+
+ gpg-preset-passphrase [options] [command] CACHEID
+
+ CACHEID is either a 40 character keygrip of hexadecimal characters
+identifying the key for which the passphrase should be set or cleared.
+The keygrip is listed along with the key when running the command:
+`gpgsm --dump-secret-keys'. Alternatively an arbitrary string may be
+used to identify a passphrase; it is suggested that such a string is
+prefixed with the name of the application (e.g `foo:12346').
+
+One of the following command options must be given:
+
+`--preset'
+ Preset a passphrase. This is what you usually will use.
+ `gpg-preset-passphrase' will then read the passphrase from `stdin'.
+
+`--forget'
+ Flush the passphrase for the given cache ID from the cache.
+
+
+The following additional options may be used:
+
+`-v'
+`--verbose'
+ Output additional information while running.
+
+`-P STRING'
+`--passphrase STRING'
+ Instead of reading the passphrase from `stdin', use the supplied
+ STRING as passphrase. Note that this makes the passphrase visible
+ for other users.
+
+
+File: gnupg.info, Node: gpg-connect-agent, Next: gpgparsemail, Prev: gpg-preset-passphrase, Up: Helper Tools
+
+7.8 Communicate with a running agent.
+=====================================
+
+The `gpg-connect-agent' is a utility to communicate with a running
+`gpg-agent'. It is useful to check out the commands gpg-agent provides
+using the Assuan interface. It might also be useful for scripting
+simple applications. Input is expected at stdin and out put gets
+printed to stdout.
+
+ It is very similar to running `gpg-agent' in server mode; but here
+we connect to a running instance.
+
+* Menu:
+
+* Invoking gpg-connect-agent:: List of all options.
+* Controlling gpg-connect-agent:: Control commands.
+
+
+File: gnupg.info, Node: Invoking gpg-connect-agent, Next: Controlling gpg-connect-agent, Up: gpg-connect-agent
+
+7.8.1 List of all options.
+--------------------------
+
+`gpg-connect-agent' is invoked this way:
+
+ gpg-connect-agent [options] [commands]
+
+The following options may be used:
+
+`-v'
+`--verbose'
+ Output additional information while running.
+
+`-q'
+
+`--quiet'
+ Try to be as quiet as possible.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`--agent-program FILE'
+ Specify the agent program to be started if none is running.
+
+`-S'
+`--raw-socket NAME'
+ Connect to socket NAME assuming this is an Assuan style server.
+ Do not run any special initializations or environment checks.
+ This may be used to directly connect to any Assuan style socket
+ server.
+
+`-E'
+`--exec'
+ Take the rest of the command line as a program and it's arguments
+ and execute it as an assuan server. Here is how you would run
+ `gpgsm':
+ gpg-connect-agent --exec gpgsm --server
+ Note that you may not use options on the command line in this case.
+
+`--no-ext-connect'
+ When using `-S' or `--exec', `gpg-connect-agent' connects to the
+ assuan server in extended mode to allow descriptor passing. This
+ option makes it use the old mode.
+
+`--run FILE'
+ Run the commands from FILE at startup and then continue with the
+ regular input method. Note, that commands given on the command
+ line are executed after this file.
+
+`-s'
+`--subst'
+ Run the command `/subst' at startup.
+
+`--hex'
+ Print data lines in a hex format and the ASCII representation of
+ non-control characters.
+
+`--decode'
+ Decode data lines. That is to remove percent escapes but make
+ sure that a new line always starts with a D and a space.
+
+
+
+File: gnupg.info, Node: Controlling gpg-connect-agent, Prev: Invoking gpg-connect-agent, Up: gpg-connect-agent
+
+7.8.2 Control commands.
+-----------------------
+
+While reading Assuan commands, gpg-agent also allows a few special
+commands to control its operation. These control commands all start
+with a slash (`/').
+
+`/echo ARGS'
+ Just print ARGS.
+
+`/let NAME VALUE'
+ Set the variable NAME to VALUE. Variables are only substituted on
+ the input if the `/subst' has been used. Variables are referenced
+ by prefixing the name with a dollar sign and optionally include
+ the name in curly braces. The rules for a valid name are
+ identically to those of the standard bourne shell. This is not yet
+ enforced but may be in the future. When used with curly braces no
+ leading or trailing white space is allowed.
+
+ If a variable is not found, it is searched in the environment and
+ if found copied to the table of variables.
+
+ Variable functions are available: The name of the function must be
+ followed by at least one space and the at least one argument. The
+ following functions are available:
+
+ `get'
+ Return a value described by the argument. Available
+ arguments are:
+
+ `cwd'
+ The current working directory.
+
+ `homedir'
+ The gnupg homedir.
+
+ `sysconfdir'
+ GnuPG's system configuration directory.
+
+ `bindir'
+ GnuPG's binary directory.
+
+ `libdir'
+ GnuPG's library directory.
+
+ `libexecdir'
+ GnuPG's library directory for executable files.
+
+ `datadir'
+ GnuPG's data directory.
+
+ `serverpid'
+ The PID of the current server. Command `/serverpid' must
+ have been given to return a useful value.
+
+ `unescape ARGS'
+ Remove C-style escapes from ARGS. Note that `\0' and `\x00'
+ terminate the returned string implicitly. The string to be
+ converted are the entire arguments right behind the
+ delimiting space of the function name.
+
+ `unpercent ARGS'
+ `unpercent+ ARGS'
+ Remove percent style escaping from ARGS. Note that `%00'
+ terminates the string implicitly. The string to be converted
+ are the entire arguments right behind the delimiting space of
+ the function name. `unpercent+' also maps plus signs to a
+ spaces.
+
+ `percent ARGS'
+ `percent+ ARGS'
+ Escape the ARGS using percent style escaping. Tabs,
+ formfeeds, linefeeds, carriage returns and colons are
+ escaped. `percent+' also maps spaces to plus signs.
+
+ `errcode ARG'
+ `errsource ARG'
+ `errstring ARG'
+ Assume ARG is an integer and evaluate it using `strtol'.
+ Return the gpg-error error code, error source or a formatted
+ string with the error code and error source.
+
+ `+'
+ `-'
+ `*'
+ `/'
+ `%'
+ Evaluate all arguments as long integers using `strtol' and
+ apply this operator. A division by zero yields an empty
+ string.
+
+ `!'
+ `|'
+ `&'
+ Evaluate all arguments as long integers using `strtol' and
+ apply the logical oeprators NOT, OR or AND. The NOT operator
+ works on the last argument only.
+
+
+`/definq NAME VAR'
+ Use content of the variable VAR for inquiries with NAME. NAME may
+ be an asterisk (`*') to match any inquiry.
+
+`/definqfile NAME FILE'
+ Use content of FILE for inquiries with NAME. NAME may be an
+ asterisk (`*') to match any inquiry.
+
+`/definqprog NAME PROG'
+ Run PROG for inquiries matching NAME and pass the entire line to
+ it as command line arguments.
+
+`/datafile NAME'
+ Write all data lines from the server to the file NAME. The file
+ is opened for writing and created if it does not exists. An
+ existing file is first truncated to 0. The data written to the
+ file fully decoded. Using a single dash for NAME writes to
+ stdout. The file is kept open until a new file is set using this
+ command or this command is used without an argument.
+
+`/showdef'
+ Print all definitions
+
+`/cleardef'
+ Delete all definitions
+
+`/sendfd FILE MODE'
+ Open FILE in MODE (which needs to be a valid `fopen' mode string)
+ and send the file descriptor to the server. This is usually
+ followed by a command like `INPUT FD' to set the input source for
+ other commands.
+
+`/recvfd'
+ Not yet implemented.
+
+`/open VAR FILE [MODE]'
+ Open FILE and assign the file descriptor to VAR. Warning: This
+ command is experimental and might change in future versions.
+
+`/close FD'
+ Close the file descriptor FD. Warning: This command is
+ experimental and might change in future versions.
+
+`/showopen'
+ Show a list of open files.
+
+`/serverpid'
+ Send the Assuan command `GETINFO pid' to the server and store the
+ returned PID for internal purposes.
+
+`/sleep'
+ Sleep for a second.
+
+`/hex'
+`/nohex'
+ Same as the command line option `--hex'.
+
+`/decode'
+`/nodecode'
+ Same as the command line option `--decode'.
+
+`/subst'
+`/nosubst'
+ Enable and disable variable substitution. It defaults to disabled
+ unless the command line option `--subst' has been used. If /subst
+ as been enabled once, leading whitespace is removed from input
+ lines which makes scripts easier to read.
+
+`/while CONDITION'
+`/end'
+ These commands provide a way for executing loops. All lines
+ between the `while' and the corresponding `end' are executed as
+ long as the evaluation of CONDITION yields a non-zero value or is
+ the string `true' or `yes'. The evaluation is done by passing
+ CONDITION to the `strtol' function. Example:
+
+ /subst
+ /let i 3
+ /while $i
+ /echo loop couter is $i
+ /let i ${- $i 1}
+ /end
+
+`/if CONDITION'
+`/end'
+ These commands provide a way for conditional execution. All lines
+ between the `if' and the corresponding `end' are executed only if
+ the evaluation of CONDITION yields a non-zero value or is the
+ string `true' or `yes'. The evaluation is done by passing
+ CONDITION to the `strtol' function.
+
+`/run FILE'
+ Run commands from FILE.
+
+`/bye'
+ Terminate the connection and the program
+
+`/help'
+ Print a list of available control commands.
+
+
+
+File: gnupg.info, Node: gpgparsemail, Next: symcryptrun, Prev: gpg-connect-agent, Up: Helper Tools
+
+7.9 Parse a mail message into an annotated format
+=================================================
+
+The `gpgparsemail' is a utility currently only useful for debugging.
+Run it with `--help' for usage information.
+
+
+File: gnupg.info, Node: symcryptrun, Next: gpg-zip, Prev: gpgparsemail, Up: Helper Tools
+
+7.10 Call a simple symmetric encryption tool.
+=============================================
+
+Sometimes simple encryption tools are already in use for a long time and
+there might be a desire to integrate them into the GnuPG framework. The
+protocols and encryption methods might be non-standard or not even
+properly documented, so that a full-fledged encryption tool with an
+interface like gpg is not doable. `symcryptrun' provides a solution:
+It operates by calling the external encryption/decryption module and
+provides a passphrase for a key using the standard `pinentry' based
+mechanism through `gpg-agent'.
+
+ Note, that `symcryptrun' is only available if GnuPG has been
+configured with `--enable-symcryptrun' at build time.
+
+* Menu:
+
+* Invoking symcryptrun:: List of all commands and options.
+
+
+File: gnupg.info, Node: Invoking symcryptrun, Up: symcryptrun
+
+7.10.1 List of all commands and options.
+----------------------------------------
+
+`symcryptrun' is invoked this way:
+
+ symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE
+ [--decrypt | --encrypt] [inputfile]
+
+ For encryption, the plain text must be provided on STDIN or as the
+argument INPUTFILE, and the ciphertext will be output to STDOUT. For
+decryption vice versa.
+
+ CLASS describes the calling conventions of the external tool.
+Currently it must be given as `confucius'. PROGRAM is the full
+filename of that external tool.
+
+ For the class `confucius' the option `--keyfile' is required;
+KEYFILE is the name of a file containing the secret key, which may be
+protected by a passphrase. For detailed calling conventions, see the
+source code.
+
+Note, that `gpg-agent' must be running before starting `symcryptrun'.
+
+The following additional options may be used:
+
+`-v'
+`--verbose'
+ Output additional information while running.
+
+`-q'
+
+`--quiet'
+ Try to be as quiet as possible.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`--log-file FILE'
+ Append all logging output to FILE. Default is to write logging
+ information to STDERR.
+
+
+The possible exit status codes of `symcryptrun' are:
+
+`0'
+ Success.
+
+`1'
+ Some error occured.
+
+`2'
+ No valid passphrase was provided.
+
+`3'
+ The operation was canceled by the user.
+
+
+
+File: gnupg.info, Node: gpg-zip, Prev: symcryptrun, Up: Helper Tools
+
+7.11 Encrypt or sign files into an archive
+==========================================
+
+`gpg-zip' encrypts or signs files into an archive. It is an gpg-ized
+tar using the same format as used by PGP's PGP Zip.
+
+`gpg-zip' is invoked this way:
+
+ gpg-zip [options] FILENAME1 [FILENAME2, ...] DIRECTORY [DIRECTORY2, ...]
+
+`gpg-zip' understands these options:
+
+`--encrypt'
+`-e'
+ Encrypt data. This option may be combined with `--symmetric' (for
+ output that may be decrypted via a secret key or a passphrase).
+
+`--decrypt'
+`-d'
+ Decrypt data.
+
+`--symmetric'
+`-c'
+ Encrypt with a symmetric cipher using a passphrase. The default
+ symmetric cipher used is CAST5, but may be chosen with the
+ `--cipher-algo' option to `gpg'.
+
+`--sign'
+`-s'
+ Make a signature. See `gpg'.
+
+`--recipient USER'
+`-r USER'
+ Encrypt for user id USER. See `gpg'.
+
+`--local-user USER'
+`-u USER'
+ Use USER as the key to sign with. See `gpg'.
+
+`--list-archive'
+ List the contents of the specified archive.
+
+`--output FILE'
+`-o FILE'
+ Write output to specified file FILE.
+
+`--gpg GPGCMD'
+ Use the specified command GPGCMD instead of `gpg'.
+
+`--gpg-args ARGS'
+ Pass the specified options to `gpg'.
+
+`--tar TARCMD'
+ Use the specified command TARCMD instead of `tar'.
+
+`--tar-args ARGS'
+ Pass the specified options to `tar'.
+
+`--version'
+ Print version of the program and exit.
+
+`--help'
+ Display a brief help page and exit.
+
+
+The program returns 0 if everything was fine, 1 otherwise.
+
+Some examples:
+
+Encrypt the contents of directory `mydocs' for user Bob to file `test1':
+
+ gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+
+List the contents of archive `test1':
+
+ gpg-zip --list-archive test1
+
+
+File: gnupg.info, Node: Howtos, Next: System Notes, Prev: Helper Tools, Up: Top
+
+8 How to do certain things
+**************************
+
+This is a collection of small howto documents.
+
+* Menu:
+
+* Howto Create a Server Cert:: Creating a TLS server certificate.
+
+
+File: gnupg.info, Node: Howto Create a Server Cert, Up: Howtos
+
+8.1 Creating a TLS server certificate
+=====================================
+
+Here is a brief run up on how to create a server certificate. It has
+actually been done this way to get a certificate from CAcert to be used
+on a real server. It has only been tested with this CA, but there
+shouldn't be any problem to run this against any other CA.
+
+ Before you start, make sure that gpg-agent is running. As there is
+no need for a configuration file, you may simply enter:
+
+ $ gpgsm-gencert.sh >a.p10
+ Key type
+ [1] RSA
+ [2] Existing key
+ [3] Direct from card
+ Your selection: 1
+ You selected: RSA
+
+ I opted for creating a new RSA key. The other option is to use an
+already existing key, by selecting `2' and entering the so-called
+keygrip. Running the command `gpgsm --dump-secret-key USERID' shows
+you this keygrip. Using `3' offers another menu to create a
+certificate directly from a smart card based key.
+
+ Let's continue:
+
+ Key length
+ [1] 1024
+ [2] 2048
+ Your selection: 1
+ You selected: 1024
+
+ The script offers two common key sizes. With the current setup of
+CAcert, it does not make much sense to use a 2k key; their policies need
+to be revised anyway (a CA root key valid for 30 years is not really
+serious).
+
+ Key usage
+ [1] sign, encrypt
+ [2] sign
+ [3] encrypt
+ Your selection: 1
+ You selected: sign, encrypt
+
+ We want to sign and encrypt using this key. This is just a suggestion
+and the CA may actually assign other key capabilities.
+
+ Now for some real data:
+
+ Name (DN)
+ > CN=kerckhoffs.g10code.com
+
+ This is the most important value for a server certificate. Enter here
+the canonical name of your server machine. You may add other virtual
+server names later.
+
+ E-Mail addresses (end with an empty line)
+ >
+
+ We don't need email addresses in a server certificate and CAcert
+would anyway ignore such a request. Thus just hit enter.
+
+ If you want to create a client certificate for email encryption, this
+would be the place to enter your mail address (e.g. <joe@example.org>).
+You may enter as many addresses as you like, however the CA may not
+accept them all or reject the entire request.
+
+ DNS Names (optional; end with an empty line)
+ > www.g10code.com
+ DNS Names (optional; end with an empty line)
+ > ftp.g10code.com
+ DNS Names (optional; end with an empty line)
+ >
+
+ Here I entered the names of the servers which actually run on the
+machine given in the DN above. The browser will accept a certificate for
+any of these names. As usual the CA must approve all of these names.
+
+ URIs (optional; end with an empty line)
+ >
+
+ It is possible to insert arbitrary URIs into a certificate; for a
+server certificate this does not make sense.
+
+ We have now entered all required information and `gpgsm' will
+display what it has gathered and ask whether to create the certificate
+request:
+
+ Parameters for certificate request to create:
+ 1 Key-Type: RSA
+ 2 Key-Length: 1024
+ 3 Key-Usage: sign, encrypt
+ 4 Name-DN: CN=kerckhoffs.g10code.com
+ 5 Name-DNS: www.g10code.com
+ 6 Name-DNS: ftp.g10code.com
+
+ Really create such a CSR?
+ [1] yes
+ [2] no
+ Your selection: 1
+ You selected: yes
+
+ `gpgsm' will now start working on creating the request. As this
+includes the creation of an RSA key it may take a while. During this
+time you will be asked 3 times for a passphrase to protect the created
+private key on your system. A pop up window will appear to ask for it.
+The first two prompts are for the new passphrase and for re-entering it;
+the third one is required to actually create the certificate signing
+request.
+
+ When it is ready, you should see the final notice:
+
+ gpgsm: certificate request created
+
+ Now, you may look at the created request:
+
+ $ cat a.p10
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
+ nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
+ HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
+ wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
+ Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
+ d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
+ gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
+ IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
+ eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
+ -----END CERTIFICATE REQUEST-----
+ $
+
+ You may now proceed by logging into your account at the CAcert
+website, choose `Server Certificates - New', check `sign by class 3 root
+certificate', paste the above request block into the text field and
+click on `Submit'.
+
+ If everything works out fine, a certificate will be shown. Now run
+
+ $ gpgsm --import
+
+ and paste the certificate from the CAcert page into your terminal
+followed by a Ctrl-D
+
+ -----BEGIN CERTIFICATE-----
+ MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
+ cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
+ ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
+ MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
+ hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
+ ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
+ 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
+ MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
+ BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
+ oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
+ dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
+ b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
+ aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
+ W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
+ fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
+ mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
+ NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
+ 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
+ BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
+ gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
+ 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
+ rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
+ Rtct3tIX
+ -----END CERTIFICATE-----
+ gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
+ gpgsm: certificate imported
+
+ gpgsm: total number processed: 1
+ gpgsm: imported: 1
+
+ gpgsm tells you that it has imported the certificate. It is now
+associated with the key you used when creating the request. The root
+certificate has not been found, so you may want to import it from the
+CACert website.
+
+ To see the content of your certificate, you may now enter:
+
+ $ gpgsm -K kerckhoffs.g10code.com
+ /home/foo/.gnupg/pubring.kbx
+ ---------------------------
+ Serial number: 4C
+ Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
+ Subject: /CN=kerckhoffs.g10code.com
+ aka: (dns-name www.g10code.com)
+ aka: (dns-name ftp.g10code.com)
+ validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
+ key type: 1024 bit RSA
+ key usage: digitalSignature keyEncipherment
+ ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
+ fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
+
+ I used `-K' above because this will only list certificates for which
+a private key is available. To see more details, you may use
+`--dump-secret-keys' instead of `-K'.
+
+ To make actual use of the certificate you need to install it on your
+server. Server software usually expects a PKCS\#12 file with key and
+certificate. To create such a file, run:
+
+ $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
+
+ You will be asked for the passphrase as well as for a new passphrase
+to be used to protect the PKCS\#12 file. The file now contains the
+certificate as well as the private key:
+
+ $ cat kerckhoffs-cert.pem
+ Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
+ Serial ...: 4C
+ Subject ..: /CN=kerckhoffs.g10code.com
+ aka ..: (dns-name www.g10code.com)
+ aka ..: (dns-name ftp.g10code.com)
+
+ -----BEGIN PKCS12-----
+ MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
+ [...many more lines...]
+ -----END PKCS12-----
+ $
+
+ Copy this file in a secure way to the server, install it there and
+delete the file then. You may export the file again at any time as long
+as it is available in GnuPG's private key database.
+
diff --git a/doc/gnupg.info-2 b/doc/gnupg.info-2
new file mode 100644
index 0000000..5959a28
--- /dev/null
+++ b/doc/gnupg.info-2
@@ -0,0 +1,2125 @@
+This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo
+version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi.
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+INFO-DIR-SECTION GNU Utilities
+START-INFO-DIR-ENTRY
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+END-INFO-DIR-ENTRY
+
+
+File: gnupg.info, Node: System Notes, Next: Debugging, Prev: Howtos, Up: Top
+
+9 Notes pertaining to certain OSes.
+***********************************
+
+GnuPG has been developed on GNU/Linux systems and is know to work on
+almost all Free OSes. All modern POSIX systems should be supported
+right now, however there are probably a lot of smaller glitches we need
+to fix first. The major problem areas are:
+
+ * For logging to sockets and other internal operations the
+ `fopencookie' function (`funopen' under *BSD) is used. This is a
+ very convenient function which makes it possible to create outputs
+ in a structures and easy maintainable way. The drawback however
+ is that most proprietary OSes don't support this function. At
+ g10 Code we have looked into several ways on how to overcome this
+ limitation but no sufficiently easy and maintainable way has been
+ found. Porting _glibc_ to a general POSIX system is of course an
+ option and would make writing portable software much easier; this
+ it has not yet been done and the system administrator would need
+ to cope with the GNU specific admin things in addition to the
+ generic ones of his system.
+
+ We have now settled to use explicit stdio wrappers with a
+ functionality similar to funopen. Although the code for this has
+ already been written (_libestream_), we have not yet changed GnuPG
+ to use it.
+
+ This means that on systems not supporting either `funopen' or
+ `fopencookie', logging to a socket won't work, prompts are not
+ formatted as pretty as they should be and `gpgsm''s `LISTKEYS'
+ Assuan command does not work.
+
+ * We are planning to use file descriptor passing for interprocess
+ communication. This will allow us save a lot of resources and
+ improve performance of certain operations a lot. Systems not
+ supporting this won't gain these benefits but we try to keep them
+ working the standard way as it is done today.
+
+ * We require more or less full POSIX compatibility. This has been
+ around for 15 years now and thus we don't believe it makes sense to
+ support non POSIX systems anymore. Well, we of course the usual
+ workarounds for near POSIX systems well be applied.
+
+ There is one exception of this rule: Systems based the Microsoft
+ Windows API (called here _W32_) will be supported to some extend.
+
+
+* Menu:
+
+* W32 Notes:: Microsoft Windows Notes
+
+
+File: gnupg.info, Node: W32 Notes, Up: System Notes
+
+9.1 Microsoft Windows Notes
+===========================
+
+Current limitations are:
+
+ * `gpgconf' does not create backup files, so in case of trouble your
+ configuration file might get lost.
+
+ * `watchgnupg' is not available. Logging to sockets is not possible.
+
+ * The periodical smartcard status checking done by `scdaemon' is not
+ yet supported.
+
+
+
+File: gnupg.info, Node: Debugging, Next: Copying, Prev: System Notes, Up: Top
+
+10 How to solve problems
+************************
+
+Everyone knows that software often does not do what it should do and
+thus there is a need to track down problems. We call this debugging in
+a reminiscent to the moth jamming a relay in a Mark II box back in 1947.
+
+ Most of the problems a merely configuration and user problems but
+nevertheless there are the most annoying ones and responsible for many
+gray hairs. We try to give some guidelines here on how to identify and
+solve the problem at hand.
+
+* Menu:
+
+* Debugging Tools:: Description of some useful tools.
+* Debugging Hints:: Various hints on debugging.
+* Common Problems:: Commonly seen problems.
+* Architecture Details:: How the whole thing works internally.
+
+
+File: gnupg.info, Node: Debugging Tools, Next: Debugging Hints, Up: Debugging
+
+10.1 Debugging Tools
+====================
+
+The GnuPG distribution comes with a couple of tools, useful to help find
+and solving problems.
+
+* Menu:
+
+* kbxutil:: Scrutinizing a keybox file.
+
+
+File: gnupg.info, Node: kbxutil, Up: Debugging Tools
+
+10.1.1 Scrutinizing a keybox file
+---------------------------------
+
+A keybox is a file format used to store public keys along with meta
+information and indices. The commonly used one is the file
+`pubring.kbx' in the `.gnupg' directory. It contains all X.509
+certificates as well as OpenPGP keys(1) .
+
+When called the standard way, e.g.:
+
+ `kbxutil ~/.gnupg/pubring.kbx'
+
+it lists all records (called blobs) with there meta-information in a
+human readable format.
+
+To see statistics on the keybox in question, run it using
+
+ `kbxutil --stats ~/.gnupg/pubring.kbx'
+
+and you get an output like:
+
+ Total number of blobs: 99
+ header: 1
+ empty: 0
+ openpgp: 0
+ x509: 98
+ non flagged: 81
+ secret flagged: 0
+ ephemeral flagged: 17
+
+ In this example you see that the keybox does not have any OpenPGP
+keys but contains 98 X.509 certificates and a total of 17 keys or
+certificates are flagged as ephemeral, meaning that they are only
+temporary stored (cached) in the keybox and won't get listed using the
+usual commands provided by `gpgsm' or `gpg'. 81 certificates are stored
+in a standard way and directly available from `gpgsm'.
+
+To find duplicated certificates and keyblocks in a keybox file (this
+should not occur but sometimes things go wrong), run it using
+
+ `kbxutil --find-dups ~/.gnupg/pubring.kbx'
+
+ ---------- Footnotes ----------
+
+ (1) Well, OpenPGP keys are not implemented, `gpg' still used the
+keyring file `pubring.gpg'
+
+
+File: gnupg.info, Node: Debugging Hints, Next: Common Problems, Prev: Debugging Tools, Up: Debugging
+
+10.2 Various hints on debugging.
+================================
+
+ * How to find the IP address of a keyserver
+
+ If a round robin URL of is used for a keyserver (e.g.
+ subkeys.gnupg.org); it is not easy to see what server is actually
+ used. Using the keyserver debug option as in
+
+ gpg --keyserver-options debug=1 -v --refresh-key 1E42B367
+
+ is thus often helpful. Note that the actual output depends on the
+ backend and may change from release to release.
+
+
+
+File: gnupg.info, Node: Common Problems, Next: Architecture Details, Prev: Debugging Hints, Up: Debugging
+
+10.3 Commonly Seen Problems
+===========================
+
+ * Error code `Not supported' from Dirmngr
+
+ Most likely the option `enable-ocsp' is active for gpgsm but
+ Dirmngr's OCSP feature has not been enabled using `allow-ocsp' in
+ `dirmngr.conf'.
+
+ * The Curses based Pinentry does not work
+
+ The far most common reason for this is that the environment
+ variable `GPG_TTY' has not been set correctly. Make sure that it
+ has been set to a real tty devce and not just to `/dev/tty'; i.e.
+ `GPG_TTY=tty' is plainly wrong; what you want is `GPG_TTY=`tty`'
+ -- note the back ticks. Also make sure that this environment
+ variable gets exported, that is you should follow up the setting
+ with an `export GPG_TTY' (assuming a Bourne style shell). Even for
+ GUI based Pinentries; you should have set `GPG_TTY'. See the
+ section on installing the `gpg-agent' on how to do it.
+
+ * SSH hangs while a popping up pinentry was expected
+
+ SSH has no way to tell the gpg-agent what terminal or X display it
+ is running on. So when remotely logging into a box where a
+ gpg-agent with SSH support is running, the pinentry will get
+ popped up on whatever display the gpg-agent has been started. To
+ solve this problem you may issue the command
+
+ echo UPDATESTARTUPTTY | gpg-connect-agent
+
+ and the next pinentry will pop up on your display or screen.
+ However, you need to kill the running pinentry first because only
+ one pinentry may be running at once. If you plan to use ssh on a
+ new display you should issue the above command before invoking ssh
+ or any other service making use of ssh.
+
+ * Exporting a secret key without a certificate
+
+ I may happen that you have created a certificate request using
+ `gpgsm' but not yet received and imported the certificate from the
+ CA. However, you want to export the secret key to another machine
+ right now to import the certificate over there then. You can do
+ this with a little trick but it requires that you know the
+ approximate time you created the signing request. By running the
+ command
+
+ ls -ltr ~/.gnupg/private-keys-v1.d
+
+ you get a listing of all private keys under control of `gpg-agent'.
+ Pick the key which best matches the creation time and run the
+ command
+
+ /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/FOO >FOO.p12
+
+ (Please adjust the path to `gpg-protect-tool' to the appropriate
+ location). FOO is the name of the key file you picked (it should
+ have the suffix `.key'). A Pinentry box will pop up and ask you
+ for the current passphrase of the key and a new passphrase to
+ protect it in the pkcs#12 file.
+
+ To import the created file on the machine you use this command:
+
+ /usr/local/libexec/gpg-protect-tool --p12-import --store FOO.p12
+
+ You will be asked for the pkcs#12 passphrase and a new passphrase
+ to protect the imported private key at its new location.
+
+ Note that there is no easy way to match existing certificates with
+ stored private keys because some private keys are used for Secure
+ Shell or other purposes and don't have a corresponding certificate.
+
+ * A root certificate does not verify
+
+ A common problem is that the root certificate misses the required
+ basicConstraints attribute and thus `gpgsm' rejects this
+ certificate. An error message indicating "no value" is a sign for
+ such a certificate. You may use the `relax' flag in
+ `trustlist.txt' to accept the certificate anyway. Note that the
+ fingerprint and this flag may only be added manually to
+ `trustlist.txt'.
+
+ * Error message: "digest algorithm N has not been enabled"
+
+ The signature is broken. You may try the option
+ `--extra-digest-algo SHA256' to workaround the problem. The
+ number N is the internal algorithm identifier; for example 8
+ refers to SHA-256.
+
+ * The Windows version does not work under Wine
+
+ When running the W32 version of `gpg' under Wine you may get an
+ error messages like:
+
+ gpg: fatal: WriteConsole failed: Access denied
+
+ The solution is to use the command `wineconsole'.
+
+ Some operations like gen-key really want to talk to the console
+ directly for increased security (for example to prevent the
+ passphrase from appearing on the screen). So, you should use
+ `wineconsole' instead of `wine', which will launch a windows
+ console that implements those additional features.
+
+ * Why does GPG's -search-key list weird keys?
+
+ For performance reasons the keyservers do not check the keys the
+ same way `gpg' does. It may happen that the listing of keys
+ available on the keyservers shows keys with wrong user IDs or with
+ user Ids from other keys. If you try to import this key, the bad
+ keys or bad user ids won't get imported, though. This is a bit
+ unfortunate but we can't do anything about it without actually
+ downloading the keys.
+
+
+
+File: gnupg.info, Node: Architecture Details, Prev: Common Problems, Up: Debugging
+
+10.4 How the whole thing works internally.
+==========================================
+
+* Menu:
+
+* GnuPG-1 and GnuPG-2:: Relationship between the two branches.
+
+
+File: gnupg.info, Node: GnuPG-1 and GnuPG-2, Up: Architecture Details
+
+10.4.1 Relationship between the two branches.
+---------------------------------------------
+
+Here is a little picture showing how the components work together:
+
+
+
+Lets try to explain it:
+
+ TO BE DONE.
+
+
+File: gnupg.info, Node: Copying, Next: Contributors, Prev: Debugging, Up: Top
+
+GNU General Public License
+**************************
+
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. `http://fsf.org/'
+
+ Everyone is permitted to copy and distribute verbatim copies of this
+ license document, but changing it is not allowed.
+
+Preamble
+========
+
+The GNU General Public License is a free, copyleft license for software
+and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program-to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you
+have certain responsibilities if you distribute copies of the software,
+or if you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the
+manufacturer can do so. This is fundamentally incompatible with the
+aim of protecting users' freedom to change the software. The
+systematic pattern of such abuse occurs in the area of products for
+individuals to use, which is precisely where it is most unacceptable.
+Therefore, we have designed this version of the GPL to prohibit the
+practice for those products. If such problems arise substantially in
+other domains, we stand ready to extend this provision to those domains
+in future versions of the GPL, as needed to protect the freedom of
+users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public
+ License.
+
+ "Copyright" also means copyright-like laws that apply to other
+ kinds of works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+ License. Each licensee is addressed as "you". "Licensees" and
+ "recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the
+ work in a fashion requiring copyright permission, other than the
+ making of an exact copy. The resulting work is called a "modified
+ version" of the earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work
+ based on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+ permission, would make you directly or secondarily liable for
+ infringement under applicable copyright law, except executing it
+ on a computer or modifying a private copy. Propagation includes
+ copying, distribution (with or without modification), making
+ available to the public, and in some countries other activities as
+ well.
+
+ To "convey" a work means any kind of propagation that enables other
+ parties to make or receive copies. Mere interaction with a user
+ through a computer network, with no transfer of a copy, is not
+ conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+ to the extent that it includes a convenient and prominently visible
+ feature that (1) displays an appropriate copyright notice, and (2)
+ tells the user that there is no warranty for the work (except to
+ the extent that warranties are provided), that licensees may
+ convey the work under this License, and how to view a copy of this
+ License. If the interface presents a list of user commands or
+ options, such as a menu, a prominent item in the list meets this
+ criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+ for making modifications to it. "Object code" means any
+ non-source form of a work.
+
+ A "Standard Interface" means an interface that either is an
+ official standard defined by a recognized standards body, or, in
+ the case of interfaces specified for a particular programming
+ language, one that is widely used among developers working in that
+ language.
+
+ The "System Libraries" of an executable work include anything,
+ other than the work as a whole, that (a) is included in the normal
+ form of packaging a Major Component, but which is not part of that
+ Major Component, and (b) serves only to enable use of the work
+ with that Major Component, or to implement a Standard Interface
+ for which an implementation is available to the public in source
+ code form. A "Major Component", in this context, means a major
+ essential component (kernel, window system, and so on) of the
+ specific operating system (if any) on which the executable work
+ runs, or a compiler used to produce the work, or an object code
+ interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+ the source code needed to generate, install, and (for an executable
+ work) run the object code and to modify the work, including
+ scripts to control those activities. However, it does not include
+ the work's System Libraries, or general-purpose tools or generally
+ available free programs which are used unmodified in performing
+ those activities but which are not part of the work. For example,
+ Corresponding Source includes interface definition files
+ associated with source files for the work, and the source code for
+ shared libraries and dynamically linked subprograms that the work
+ is specifically designed to require, such as by intimate data
+ communication or control flow between those subprograms and other
+ parts of the work.
+
+ The Corresponding Source need not include anything that users can
+ regenerate automatically from other parts of the Corresponding
+ Source.
+
+ The Corresponding Source for a work in source code form is that
+ same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+ copyright on the Program, and are irrevocable provided the stated
+ conditions are met. This License explicitly affirms your unlimited
+ permission to run the unmodified Program. The output from running
+ a covered work is covered by this License only if the output,
+ given its content, constitutes a covered work. This License
+ acknowledges your rights of fair use or other equivalent, as
+ provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+ convey, without conditions so long as your license otherwise
+ remains in force. You may convey covered works to others for the
+ sole purpose of having them make modifications exclusively for
+ you, or provide you with facilities for running those works,
+ provided that you comply with the terms of this License in
+ conveying all material for which you do not control copyright.
+ Those thus making or running the covered works for you must do so
+ exclusively on your behalf, under your direction and control, on
+ terms that prohibit them from making any copies of your
+ copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+ the conditions stated below. Sublicensing is not allowed; section
+ 10 makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+ measure under any applicable law fulfilling obligations under
+ article 11 of the WIPO copyright treaty adopted on 20 December
+ 1996, or similar laws prohibiting or restricting circumvention of
+ such measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+ circumvention of technological measures to the extent such
+ circumvention is effected by exercising rights under this License
+ with respect to the covered work, and you disclaim any intention
+ to limit operation or modification of the work as a means of
+ enforcing, against the work's users, your or third parties' legal
+ rights to forbid circumvention of technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+ receive it, in any medium, provided that you conspicuously and
+ appropriately publish on each copy an appropriate copyright notice;
+ keep intact all notices stating that this License and any
+ non-permissive terms added in accord with section 7 apply to the
+ code; keep intact all notices of the absence of any warranty; and
+ give all recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+ and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+ produce it from the Program, in the form of source code under the
+ terms of section 4, provided that you also meet all of these
+ conditions:
+
+ a. The work must carry prominent notices stating that you
+ modified it, and giving a relevant date.
+
+ b. The work must carry prominent notices stating that it is
+ released under this License and any conditions added under
+ section 7. This requirement modifies the requirement in
+ section 4 to "keep intact all notices".
+
+ c. You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable
+ section 7 additional terms, to the whole of the work, and all
+ its parts, regardless of how they are packaged. This License
+ gives no permission to license the work in any other way, but
+ it does not invalidate such permission if you have separately
+ received it.
+
+ d. If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has
+ interactive interfaces that do not display Appropriate Legal
+ Notices, your work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+ works, which are not by their nature extensions of the covered
+ work, and which are not combined with it such as to form a larger
+ program, in or on a volume of a storage or distribution medium, is
+ called an "aggregate" if the compilation and its resulting
+ copyright are not used to limit the access or legal rights of the
+ compilation's users beyond what the individual works permit.
+ Inclusion of a covered work in an aggregate does not cause this
+ License to apply to the other parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+ of sections 4 and 5, provided that you also convey the
+ machine-readable Corresponding Source under the terms of this
+ License, in one of these ways:
+
+ a. Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b. Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for
+ as long as you offer spare parts or customer support for that
+ product model, to give anyone who possesses the object code
+ either (1) a copy of the Corresponding Source for all the
+ software in the product that is covered by this License, on a
+ durable physical medium customarily used for software
+ interchange, for a price no more than your reasonable cost of
+ physically performing this conveying of source, or (2) access
+ to copy the Corresponding Source from a network server at no
+ charge.
+
+ c. Convey individual copies of the object code with a copy of
+ the written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially,
+ and only if you received the object code with such an offer,
+ in accord with subsection 6b.
+
+ d. Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access
+ to the Corresponding Source in the same way through the same
+ place at no further charge. You need not require recipients
+ to copy the Corresponding Source along with the object code.
+ If the place to copy the object code is a network server, the
+ Corresponding Source may be on a different server (operated
+ by you or a third party) that supports equivalent copying
+ facilities, provided you maintain clear directions next to
+ the object code saying where to find the Corresponding Source.
+ Regardless of what server hosts the Corresponding Source, you
+ remain obligated to ensure that it is available for as long
+ as needed to satisfy these requirements.
+
+ e. Convey the object code using peer-to-peer transmission,
+ provided you inform other peers where the object code and
+ Corresponding Source of the work are being offered to the
+ general public at no charge under subsection 6d.
+
+
+ A separable portion of the object code, whose source code is
+ excluded from the Corresponding Source as a System Library, need
+ not be included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means
+ any tangible personal property which is normally used for personal,
+ family, or household purposes, or (2) anything designed or sold for
+ incorporation into a dwelling. In determining whether a product
+ is a consumer product, doubtful cases shall be resolved in favor of
+ coverage. For a particular product received by a particular user,
+ "normally used" refers to a typical or common use of that class of
+ product, regardless of the status of the particular user or of the
+ way in which the particular user actually uses, or expects or is
+ expected to use, the product. A product is a consumer product
+ regardless of whether the product has substantial commercial,
+ industrial or non-consumer uses, unless such uses represent the
+ only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+ procedures, authorization keys, or other information required to
+ install and execute modified versions of a covered work in that
+ User Product from a modified version of its Corresponding Source.
+ The information must suffice to ensure that the continued
+ functioning of the modified object code is in no case prevented or
+ interfered with solely because modification has been made.
+
+ If you convey an object code work under this section in, or with,
+ or specifically for use in, a User Product, and the conveying
+ occurs as part of a transaction in which the right of possession
+ and use of the User Product is transferred to the recipient in
+ perpetuity or for a fixed term (regardless of how the transaction
+ is characterized), the Corresponding Source conveyed under this
+ section must be accompanied by the Installation Information. But
+ this requirement does not apply if neither you nor any third party
+ retains the ability to install modified object code on the User
+ Product (for example, the work has been installed in ROM).
+
+ The requirement to provide Installation Information does not
+ include a requirement to continue to provide support service,
+ warranty, or updates for a work that has been modified or
+ installed by the recipient, or for the User Product in which it
+ has been modified or installed. Access to a network may be denied
+ when the modification itself materially and adversely affects the
+ operation of the network or violates the rules and protocols for
+ communication across the network.
+
+ Corresponding Source conveyed, and Installation Information
+ provided, in accord with this section must be in a format that is
+ publicly documented (and with an implementation available to the
+ public in source code form), and must require no special password
+ or key for unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of
+ this License by making exceptions from one or more of its
+ conditions. Additional permissions that are applicable to the
+ entire Program shall be treated as though they were included in
+ this License, to the extent that they are valid under applicable
+ law. If additional permissions apply only to part of the Program,
+ that part may be used separately under those permissions, but the
+ entire Program remains governed by this License without regard to
+ the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+ remove any additional permissions from that copy, or from any part
+ of it. (Additional permissions may be written to require their own
+ removal in certain cases when you modify the work.) You may place
+ additional permissions on material, added by you to a covered work,
+ for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material
+ you add to a covered work, you may (if authorized by the copyright
+ holders of that material) supplement the terms of this License
+ with terms:
+
+ a. Disclaiming warranty or limiting liability differently from
+ the terms of sections 15 and 16 of this License; or
+
+ b. Requiring preservation of specified reasonable legal notices
+ or author attributions in that material or in the Appropriate
+ Legal Notices displayed by works containing it; or
+
+ c. Prohibiting misrepresentation of the origin of that material,
+ or requiring that modified versions of such material be
+ marked in reasonable ways as different from the original
+ version; or
+
+ d. Limiting the use for publicity purposes of names of licensors
+ or authors of the material; or
+
+ e. Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f. Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified
+ versions of it) with contractual assumptions of liability to
+ the recipient, for any liability that these contractual
+ assumptions directly impose on those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+ restrictions" within the meaning of section 10. If the Program as
+ you received it, or any part of it, contains a notice stating that
+ it is governed by this License along with a term that is a further
+ restriction, you may remove that term. If a license document
+ contains a further restriction but permits relicensing or
+ conveying under this License, you may add to a covered work
+ material governed by the terms of that license document, provided
+ that the further restriction does not survive such relicensing or
+ conveying.
+
+ If you add terms to a covered work in accord with this section, you
+ must place, in the relevant source files, a statement of the
+ additional terms that apply to those files, or a notice indicating
+ where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in
+ the form of a separately written license, or stated as exceptions;
+ the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+ provided under this License. Any attempt otherwise to propagate or
+ modify it is void, and will automatically terminate your rights
+ under this License (including any patent licenses granted under
+ the third paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly
+ and finally terminates your license, and (b) permanently, if the
+ copyright holder fails to notify you of the violation by some
+ reasonable means prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from
+ that copyright holder, and you cure the violation prior to 30 days
+ after your receipt of the notice.
+
+ Termination of your rights under this section does not terminate
+ the licenses of parties who have received copies or rights from
+ you under this License. If your rights have been terminated and
+ not permanently reinstated, you do not qualify to receive new
+ licenses for the same material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+ run a copy of the Program. Ancillary propagation of a covered work
+ occurring solely as a consequence of using peer-to-peer
+ transmission to receive a copy likewise does not require
+ acceptance. However, nothing other than this License grants you
+ permission to propagate or modify any covered work. These actions
+ infringe copyright if you do not accept this License. Therefore,
+ by modifying or propagating a covered work, you indicate your
+ acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+ receives a license from the original licensors, to run, modify and
+ propagate that work, subject to this License. You are not
+ responsible for enforcing compliance by third parties with this
+ License.
+
+ An "entity transaction" is a transaction transferring control of an
+ organization, or substantially all assets of one, or subdividing an
+ organization, or merging organizations. If propagation of a
+ covered work results from an entity transaction, each party to that
+ transaction who receives a copy of the work also receives whatever
+ licenses to the work the party's predecessor in interest had or
+ could give under the previous paragraph, plus a right to
+ possession of the Corresponding Source of the work from the
+ predecessor in interest, if the predecessor has it or can get it
+ with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+ rights granted or affirmed under this License. For example, you
+ may not impose a license fee, royalty, or other charge for
+ exercise of rights granted under this License, and you may not
+ initiate litigation (including a cross-claim or counterclaim in a
+ lawsuit) alleging that any patent claim is infringed by making,
+ using, selling, offering for sale, or importing the Program or any
+ portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+ License of the Program or a work on which the Program is based.
+ The work thus licensed is called the contributor's "contributor
+ version".
+
+ A contributor's "essential patent claims" are all patent claims
+ owned or controlled by the contributor, whether already acquired or
+ hereafter acquired, that would be infringed by some manner,
+ permitted by this License, of making, using, or selling its
+ contributor version, but do not include claims that would be
+ infringed only as a consequence of further modification of the
+ contributor version. For purposes of this definition, "control"
+ includes the right to grant patent sublicenses in a manner
+ consistent with the requirements of this License.
+
+ Each contributor grants you a non-exclusive, worldwide,
+ royalty-free patent license under the contributor's essential
+ patent claims, to make, use, sell, offer for sale, import and
+ otherwise run, modify and propagate the contents of its
+ contributor version.
+
+ In the following three paragraphs, a "patent license" is any
+ express agreement or commitment, however denominated, not to
+ enforce a patent (such as an express permission to practice a
+ patent or covenant not to sue for patent infringement). To
+ "grant" such a patent license to a party means to make such an
+ agreement or commitment not to enforce a patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent
+ license, and the Corresponding Source of the work is not available
+ for anyone to copy, free of charge and under the terms of this
+ License, through a publicly available network server or other
+ readily accessible means, then you must either (1) cause the
+ Corresponding Source to be so available, or (2) arrange to deprive
+ yourself of the benefit of the patent license for this particular
+ work, or (3) arrange, in a manner consistent with the requirements
+ of this License, to extend the patent license to downstream
+ recipients. "Knowingly relying" means you have actual knowledge
+ that, but for the patent license, your conveying the covered work
+ in a country, or your recipient's use of the covered work in a
+ country, would infringe one or more identifiable patents in that
+ country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+ arrangement, you convey, or propagate by procuring conveyance of, a
+ covered work, and grant a patent license to some of the parties
+ receiving the covered work authorizing them to use, propagate,
+ modify or convey a specific copy of the covered work, then the
+ patent license you grant is automatically extended to all
+ recipients of the covered work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+ the scope of its coverage, prohibits the exercise of, or is
+ conditioned on the non-exercise of one or more of the rights that
+ are specifically granted under this License. You may not convey a
+ covered work if you are a party to an arrangement with a third
+ party that is in the business of distributing software, under
+ which you make payment to the third party based on the extent of
+ your activity of conveying the work, and under which the third
+ party grants, to any of the parties who would receive the covered
+ work from you, a discriminatory patent license (a) in connection
+ with copies of the covered work conveyed by you (or copies made
+ from those copies), or (b) primarily for and in connection with
+ specific products or compilations that contain the covered work,
+ unless you entered into that arrangement, or that patent license
+ was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+ any implied license or other defenses to infringement that may
+ otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order,
+ agreement or otherwise) that contradict the conditions of this
+ License, they do not excuse you from the conditions of this
+ License. If you cannot convey a covered work so as to satisfy
+ simultaneously your obligations under this License and any other
+ pertinent obligations, then as a consequence you may not convey it
+ at all. For example, if you agree to terms that obligate you to
+ collect a royalty for further conveying from those to whom you
+ convey the Program, the only way you could satisfy both those
+ terms and this License would be to refrain entirely from conveying
+ the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+ permission to link or combine any covered work with a work licensed
+ under version 3 of the GNU Affero General Public License into a
+ single combined work, and to convey the resulting work. The terms
+ of this License will continue to apply to the part which is the
+ covered work, but the special requirements of the GNU Affero
+ General Public License, section 13, concerning interaction through
+ a network will apply to the combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new
+ versions of the GNU General Public License from time to time.
+ Such new versions will be similar in spirit to the present
+ version, but may differ in detail to address new problems or
+ concerns.
+
+ Each version is given a distinguishing version number. If the
+ Program specifies that a certain numbered version of the GNU
+ General Public License "or any later version" applies to it, you
+ have the option of following the terms and conditions either of
+ that numbered version or of any later version published by the
+ Free Software Foundation. If the Program does not specify a
+ version number of the GNU General Public License, you may choose
+ any version ever published by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+ versions of the GNU General Public License can be used, that
+ proxy's public statement of acceptance of a version permanently
+ authorizes you to choose that version for the Program.
+
+ Later license versions may give you additional or different
+ permissions. However, no additional obligations are imposed on any
+ author or copyright holder as a result of your choosing to follow a
+ later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+ APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE
+ COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
+ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE
+ RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.
+ SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
+ NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+ WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES
+ AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU
+ FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+ CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
+ THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
+ BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+ PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF
+ THE POSSIBILITY OF SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+ above cannot be given local legal effect according to their terms,
+ reviewing courts shall apply local law that most closely
+ approximates an absolute waiver of all civil liability in
+ connection with the Program, unless a warranty or assumption of
+ liability accompanies a copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+How to Apply These Terms to Your New Programs
+=============================================
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+ To do so, attach the following notices to the program. It is
+safest to attach them to the start of each source file to most
+effectively state the exclusion of warranty; and each file should have
+at least the "copyright" line and a pointer to where the full notice is
+found.
+ ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES.
+ Copyright (C) YEAR NAME OF AUTHOR
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see `http://www.gnu.org/licenses/'.
+
+ Also add information on how to contact you by electronic and paper
+mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ PROGRAM Copyright (C) YEAR NAME OF AUTHOR
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
+
+ The hypothetical commands `show w' and `show c' should show the
+appropriate parts of the General Public License. Of course, your
+program's commands might be different; for a GUI interface, you would
+use an "about box".
+
+ You should also get your employer (if you work as a programmer) or
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. For more information on this, and how to apply and follow
+the GNU GPL, see `http://www.gnu.org/licenses/'.
+
+ The GNU General Public License does not permit incorporating your
+program into proprietary programs. If your program is a subroutine
+library, you may consider it more useful to permit linking proprietary
+applications with the library. If this is what you want to do, use the
+GNU Lesser General Public License instead of this License. But first,
+please read `http://www.gnu.org/philosophy/why-not-lgpl.html'.
+
+
+
+File: gnupg.info, Node: Contributors, Next: Glossary, Prev: Copying, Up: Top
+
+Contributors to GnuPG
+*********************
+
+The GnuPG project would like to thank its many contributors. Without
+them the project would not have been nearly as successful as it has
+been. Any omissions in this list are accidental. Feel free to contact
+the maintainer if you have been left out or some of your contributions
+are not listed.
+
+ David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils
+Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch
+wrote the code. Birger Langkjer, Daniel Resare, Dokianakis Theofanis,
+Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy Ferenc László,
+Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander Urbanowicz,
+Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova',
+Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner,
+Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos
+Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the
+official translations. Mike Ashley wrote and maintains the GNU Privacy
+Handbook. David Scribner is the current FAQ editor. Lorenzo
+Cappelletti maintains the web site.
+
+ The new modularized architecture of gnupg 1.9 as well as the
+X.509/CMS part has been developed as part of the Ägypten project.
+Direct contributors to this project are: Bernhard Herzog, who did
+extensive testing and tracked down a lot of bugs. Bernhard Reiter, who
+made sure that we met the specifications and the deadlines. He did
+extensive testing and came up with a lot of suggestions. Jan-Oliver
+Wagner made sure that we met the specifications and the deadlines. He
+also did extensive testing and came up with a lot of suggestions.
+Karl-Heinz Zimmer and Marc Mutz had to struggle with all the bugs and
+misconceptions while working on KDE integration. Marcus Brinkman
+extended GPGME, cleaned up the Assuan code and fixed bugs all over the
+place. Moritz Schulte took over Libgcrypt maintenance and developed it
+into a stable an useful library. Steffen Hansen had a hard time to
+write the dirmngr due to underspecified interfaces. Thomas Koester did
+extensive testing and tracked down a lot of bugs. Werner Koch designed
+the system and wrote most of the code.
+
+ The following people helped greatly by suggesting improvements,
+testing, fixing bugs, providing resources and doing other important
+tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
+Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews,
+Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian
+Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de
+Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere,
+Christian Kurz, Christian von Roques, Christopher Oliver, Christian
+Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave
+Dykstra, David C Niemi, David Champion, David Ellement, David Hallinan,
+David Hollenberg, David Mathog, David R. Bergstein, Detlef Lannert,
+Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed
+Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst
+Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian Weimer,
+Francesco Potorti, Frank Donahoe, Frank Heckenbach, Frank Stajano,
+Frank Tobin, Gabriel Rosenkoetter, Gaël Quéri, Gene Carter, Geoff
+Keating, Georg Schwarz, Giampaolo Tomassoni, Gilbert Fernandes, Greg
+Louis, Greg Troxel, Gregory Steuck, Gregery Barton, Harald Denker,
+Holger Baust, Hendrik Buschkamp, Holger Schurig, Holger Smolinski,
+Holger Trapp, Hugh Daniel, Huy Le, Ian McKellar, Ivo Timmermans, Jan
+Krueger, Jan Niehusmann, Janusz A. Urbanowicz, James Troup, Jean-loup
+Gailly, Jeff Long, Jeffery Von Ronne, Jens Bachem, Jeroen C. van
+Gelderen, J Horacio MG, J. Michael Ashley, Jim Bauer, Jim Small,
+Joachim Backes, Joe Rhett, John A. Martin, Johnny Teveßen, Jörg
+Schilling, Jos Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama,
+Kahil D. Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu
+Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff,
+Lars Kellogg-Stedman, L. Sassaman, M Taylor, Marcel Waldvogel, Marco
+d'Itri, Marco Parrone, Marcus Brinkmann, Mark Adler, Mark Elbrecht,
+Mark Pettit, Markus Friedl, Martin Kahlert, Martin Hamilton, Martin
+Schulte, Matt Kraai, Matthew Skala, Matthew Wilcox, Matthias Urlichs,
+Max Valianskiy, Michael Engels, Michael Fischer v. Mollard, Michael
+Roth, Michael Sobolev, Michael Tokarev, Nicolas Graner, Mike McEwan,
+Neal H Walfield, Nelson H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus,
+Nimrod Zimerman, N J Doye, Oliver Haakert, Oskari Jääskeläinen, Pascal
+Scheffers, Paul D. Smith, Per Cederqvist, Phil Blundell, Philippe
+Laliberte, Peter Fales, Peter Gutmann, Peter Marschall, Peter Valchev,
+Piotr Krukowiecki, QingLong, Ralph Gillen, Rat, Reinhard Wobst, Rémi
+Guyomarch, Reuben Sumner, Richard Outerbridge, Robert Joop, Roddy
+Strachan, Roger Sondermann, Roland Rosenfeld, Roman Pavlik, Ross
+Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen, Sean MacLennan,
+Sebastian Klemke, Serge Munhoven, SL Baur, Stefan Bellon,
+Dr.Stefan.Dalibor, Stefan Karrmann, Stefan Keller, Steffen Ullrich,
+Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne Schultz, Ted
+Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas Roessler, Tim
+Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi, Tom Spindler, Tom
+Zerucha, Tomas Fasth, Tommi Komulainen, Thomas Klausner, Tomasz
+Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko Lusa, Vincent P. Broman,
+Volker Quetschke, W Lewis, Walter Hofmann, Walter Koch, Wayne
+Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki
+and Gerlinde Klaes.
+
+ This software has been made possible by the previous work of Chris
+Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
+Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
+Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
+mathematicians and all the folks who have worked hard to create
+complete and free operating systems.
+
+ And finally we'd like to thank everyone who uses these tools, submits
+bug reports and generally reminds us why we're doing this work in the
+first place.
+
+
+File: gnupg.info, Node: Glossary, Next: Option Index, Prev: Contributors, Up: Top
+
+Glossary
+********
+
+`ARL'
+ The _Authority Revocation List_ is technical identical to a CRL
+ but used for CAs and not for end user certificates.
+
+`Chain model'
+ Verification model for X.509 which uses the creation date of a
+ signature as the date the validation starts and in turn checks
+ that each certificate has been issued within the time frame, the
+ issuing certificate was valid. This allows the verification of
+ signatures after the CA's certificate expired. The validation
+ test also required an online check of the certificate status. The
+ chain model is required by the German signature law. See also
+ _Shell model_.
+
+`CMS'
+ The _Cryptographic Message Standard_ describes a message format
+ for encryption and digital signing. It is closely related to the
+ X.509 certificate format. CMS was formerly known under the name
+ `PKCS#7' and is described by `RFC3369'.
+
+`CRL'
+ The _Certificate Revocation List_ is a list containing
+ certificates revoked by the issuer.
+
+`CSR'
+ The _Certificate Signing Request_ is a message send to a CA to ask
+ them to issue a new certificate. The data format of such a signing
+ request is called PCKS#10.
+
+`OpenPGP'
+ A data format used to build a PKI and to exchange encrypted or
+ signed messages. In contrast to X.509, OpenPGP also includes the
+ message format but does not explicitly demand a specific PKI.
+ However any kind of PKI may be build upon the OpenPGP protocol.
+
+`Keygrip'
+ This term is used by GnuPG to describe a 20 byte hash value used
+ to identify a certain key without referencing to a concrete
+ protocol. It is used internally to access a private key. Usually
+ it is shown and entered as a 40 character hexadecimal formatted
+ string.
+
+`OCSP'
+ The _Online Certificate Status Protocol_ is used as an alternative
+ to a CRL. It is described in `RFC 2560'.
+
+`PSE'
+ The _Personal Security Environment_ describes a database to store
+ private keys. This is either a smartcard or a collection of files
+ on a disk; the latter is often called a Soft-PSE.
+
+`Shell model'
+ The standard model for validation of certificates under X.509. At
+ the time of the verification all certificates must be valid and
+ not expired. See also _Chain mode_.
+
+`X.509'
+ Description of a PKI used with CMS. It is for example defined by
+ `RFC3280'.
+
+
+
+File: gnupg.info, Node: Option Index, Next: Index, Prev: Glossary, Up: Top
+
+Option Index
+************
+
+
+* Menu:
+
+* agent-program <1>: Invoking gpg-connect-agent.
+ (line 30)
+* agent-program: Configuration Options.
+ (line 34)
+* allow-admin: Scdaemon Options. (line 184)
+* allow-freeform-uid: GPG Esoteric Options.
+ (line 312)
+* allow-mark-trusted: Agent Options. (line 147)
+* allow-multiple-messages: GPG Esoteric Options.
+ (line 429)
+* allow-non-selfsigned-uid: GPG Esoteric Options.
+ (line 307)
+* allow-secret-key-import: GPG Esoteric Options.
+ (line 424)
+* always-trust: GPG Esoteric Options.
+ (line 498)
+* armor <1>: Input and Output. (line 8)
+* armor: GPG Input and Output.
+ (line 8)
+* ask-cert-expire: GPG Esoteric Options.
+ (line 411)
+* ask-cert-level: GPG Configuration Options.
+ (line 302)
+* ask-sig-expire: GPG Esoteric Options.
+ (line 397)
+* assume-armor: Input and Output. (line 14)
+* assume-base64: Input and Output. (line 18)
+* assume-binary: Input and Output. (line 21)
+* attribute-fd: GPG Esoteric Options.
+ (line 85)
+* attribute-file: GPG Esoteric Options.
+ (line 91)
+* auto-check-trustdb: GPG Configuration Options.
+ (line 598)
+* auto-issuer-key-retrieve: Certificate Options. (line 51)
+* auto-key-locate: GPG Configuration Options.
+ (line 382)
+* base64: Input and Output. (line 11)
+* batch <1>: GPG Configuration Options.
+ (line 39)
+* batch: Agent Options. (line 33)
+* bzip2-compress-level: GPG Configuration Options.
+ (line 276)
+* bzip2-decompress-lowmem: GPG Configuration Options.
+ (line 286)
+* call-dirmngr: Operational GPGSM Commands.
+ (line 27)
+* call-protect-tool: Operational GPGSM Commands.
+ (line 41)
+* card-edit: Operational GPG Commands.
+ (line 157)
+* card-status: Operational GPG Commands.
+ (line 163)
+* card-timeout: Scdaemon Options. (line 168)
+* cert-digest-algo: GPG Esoteric Options.
+ (line 221)
+* cert-notation: GPG Esoteric Options.
+ (line 113)
+* cert-policy-url: GPG Esoteric Options.
+ (line 143)
+* change-pin: Operational GPG Commands.
+ (line 166)
+* check-passphrase-pattern: Agent Options. (line 191)
+* check-sigs: Operational GPG Commands.
+ (line 126)
+* check-trustdb: Operational GPG Commands.
+ (line 257)
+* cipher-algo <1>: CMS Options. (line 13)
+* cipher-algo: GPG Esoteric Options.
+ (line 181)
+* clearsign: Operational GPG Commands.
+ (line 17)
+* command-fd: GPG Esoteric Options.
+ (line 295)
+* command-file: GPG Esoteric Options.
+ (line 302)
+* comment: GPG Esoteric Options.
+ (line 96)
+* compliant-needed: GPG Configuration Options.
+ (line 557)
+* compress-algo: GPG Esoteric Options.
+ (line 198)
+* compress-level: GPG Configuration Options.
+ (line 276)
+* csh: Agent Options. (line 118)
+* ctapi-driver: Scdaemon Options. (line 146)
+* daemon <1>: Scdaemon Commands. (line 31)
+* daemon: Agent Commands. (line 27)
+* dearmor: Operational GPG Commands.
+ (line 312)
+* debug <1>: Scdaemon Options. (line 61)
+* debug <2>: Esoteric Options. (line 58)
+* debug <3>: GPG Esoteric Options.
+ (line 51)
+* debug: Agent Options. (line 71)
+* debug-all <1>: Scdaemon Options. (line 97)
+* debug-all <2>: Esoteric Options. (line 92)
+* debug-all <3>: GPG Esoteric Options.
+ (line 55)
+* debug-all: Agent Options. (line 103)
+* debug-allow-core-dump <1>: Scdaemon Options. (line 114)
+* debug-allow-core-dump: Esoteric Options. (line 95)
+* debug-assuan-log-cats: Scdaemon Options. (line 123)
+* debug-disable-ticker: Scdaemon Options. (line 110)
+* debug-ignore-expiration: Esoteric Options. (line 106)
+* debug-level <1>: Scdaemon Options. (line 28)
+* debug-level <2>: Esoteric Options. (line 29)
+* debug-level <3>: GPG Esoteric Options.
+ (line 22)
+* debug-level: Agent Options. (line 42)
+* debug-log-tid: Scdaemon Options. (line 120)
+* debug-no-chain-validation: Esoteric Options. (line 102)
+* debug-wait <1>: Scdaemon Options. (line 100)
+* debug-wait: Agent Options. (line 106)
+* decode: Invoking gpg-connect-agent.
+ (line 66)
+* decrypt <1>: gpg-zip. (line 22)
+* decrypt <2>: Operational GPGSM Commands.
+ (line 11)
+* decrypt: Operational GPG Commands.
+ (line 52)
+* decrypt-files: Operational GPG Commands.
+ (line 87)
+* default-cache-ttl: Agent Options. (line 158)
+* default-cert-expire: GPG Esoteric Options.
+ (line 417)
+* default-cert-level: GPG Configuration Options.
+ (line 310)
+* default-key <1>: Input and Output. (line 34)
+* default-key: GPG Configuration Options.
+ (line 10)
+* default-keyserver-url: GPG Esoteric Options.
+ (line 457)
+* default-preference-list: GPG Esoteric Options.
+ (line 452)
+* default-recipient: GPG Configuration Options.
+ (line 15)
+* default-recipient-self: GPG Configuration Options.
+ (line 19)
+* default-sig-expire: GPG Esoteric Options.
+ (line 403)
+* delete-key: Operational GPG Commands.
+ (line 171)
+* delete-keys: Certificate Management.
+ (line 57)
+* delete-secret-and-public-key: Operational GPG Commands.
+ (line 180)
+* delete-secret-key: Operational GPG Commands.
+ (line 176)
+* deny-admin: Scdaemon Options. (line 184)
+* desig-revoke: OpenPGP Key Management.
+ (line 21)
+* detach-sign: Operational GPG Commands.
+ (line 27)
+* digest-algo: GPG Esoteric Options.
+ (line 190)
+* dirmnr-program: Configuration Options.
+ (line 40)
+* disable-application: Scdaemon Options. (line 194)
+* disable-ccid: Scdaemon Options. (line 151)
+* disable-cipher-algo: GPG Esoteric Options.
+ (line 229)
+* disable-crl-checks: Certificate Options. (line 13)
+* disable-dsa2: GPG Configuration Options.
+ (line 167)
+* disable-keypad: Scdaemon Options. (line 181)
+* disable-mdc: OpenPGP Options. (line 40)
+* disable-ocsp: Certificate Options. (line 42)
+* disable-policy-checks: Certificate Options. (line 8)
+* disable-pubkey-algo: GPG Esoteric Options.
+ (line 234)
+* disable-scdaemon: Agent Options. (line 230)
+* disable-trusted-cert-crl-check: Certificate Options. (line 19)
+* display: Agent Options. (line 257)
+* display-charset: GPG Configuration Options.
+ (line 231)
+* display-charset:iso-8859-1: GPG Configuration Options.
+ (line 240)
+* display-charset:iso-8859-15: GPG Configuration Options.
+ (line 246)
+* display-charset:iso-8859-2: GPG Configuration Options.
+ (line 243)
+* display-charset:koi8-r: GPG Configuration Options.
+ (line 249)
+* display-charset:utf-8: GPG Configuration Options.
+ (line 252)
+* dry-run: GPG Esoteric Options.
+ (line 8)
+* dump-cert: Certificate Management.
+ (line 33)
+* dump-chain: Certificate Management.
+ (line 37)
+* dump-external-keys: Certificate Management.
+ (line 44)
+* dump-keys: Certificate Management.
+ (line 33)
+* dump-options <1>: Scdaemon Commands. (line 18)
+* dump-options <2>: General GPGSM Commands.
+ (line 19)
+* dump-options <3>: General GPG Commands.
+ (line 19)
+* dump-options: Agent Commands. (line 19)
+* dump-secret-keys: Certificate Management.
+ (line 40)
+* edit-key: OpenPGP Key Management.
+ (line 26)
+* emit-version: GPG Esoteric Options.
+ (line 107)
+* enable-crl-checks: Certificate Options. (line 13)
+* enable-dsa2: GPG Configuration Options.
+ (line 167)
+* enable-ocsp: Certificate Options. (line 42)
+* enable-passphrase-history: Agent Options. (line 210)
+* enable-policy-checks: Certificate Options. (line 8)
+* enable-progress-filter: GPG Esoteric Options.
+ (line 64)
+* enable-special-filenames: GPG Esoteric Options.
+ (line 439)
+* enable-ssh-support: Agent Options. (line 267)
+* enable-trusted-cert-crl-check: Certificate Options. (line 19)
+* enarmor: Operational GPG Commands.
+ (line 312)
+* encrypt <1>: gpg-zip. (line 17)
+* encrypt <2>: Operational GPGSM Commands.
+ (line 7)
+* encrypt: Operational GPG Commands.
+ (line 31)
+* encrypt-files: Operational GPG Commands.
+ (line 84)
+* encrypt-to: GPG Key related Options.
+ (line 21)
+* enforce-passphrase-constraints: Agent Options. (line 176)
+* escape-from-lines: GPG Esoteric Options.
+ (line 259)
+* exec: Invoking gpg-connect-agent.
+ (line 41)
+* exec-path: GPG Configuration Options.
+ (line 190)
+* exit-on-status-write-error: GPG Configuration Options.
+ (line 626)
+* expert: GPG Configuration Options.
+ (line 684)
+* export <1>: Certificate Management.
+ (line 66)
+* export: Operational GPG Commands.
+ (line 185)
+* export-options: GPG Input and Output.
+ (line 67)
+* export-ownertrust: Operational GPG Commands.
+ (line 272)
+* export-secret-keys: Operational GPG Commands.
+ (line 201)
+* export-secret-subkeys: Operational GPG Commands.
+ (line 201)
+* extra-digest-algo: Esoteric Options. (line 7)
+* faked-system-time <1>: Esoteric Options. (line 18)
+* faked-system-time <2>: GPG Esoteric Options.
+ (line 58)
+* faked-system-time: Agent Options. (line 37)
+* fast-list-mode: GPG Esoteric Options.
+ (line 362)
+* fetch-keys: Operational GPG Commands.
+ (line 242)
+* fingerprint: Operational GPG Commands.
+ (line 146)
+* fixed-list-mode: GPG Input and Output.
+ (line 118)
+* fixed-passphrase: Esoteric Options. (line 111)
+* for-your-eyes-only: GPG Esoteric Options.
+ (line 167)
+* force: watchgnupg. (line 22)
+* force-crl-refresh: Certificate Options. (line 31)
+* force-mdc: OpenPGP Options. (line 34)
+* force-v3-sigs: OpenPGP Options. (line 19)
+* force-v4-certs: OpenPGP Options. (line 29)
+* forget: Invoking gpg-preset-passphrase.
+ (line 24)
+* gen-key <1>: Certificate Management.
+ (line 7)
+* gen-key: OpenPGP Key Management.
+ (line 9)
+* gen-prime: Operational GPG Commands.
+ (line 306)
+* gen-random: Operational GPG Commands.
+ (line 299)
+* gen-revoke: OpenPGP Key Management.
+ (line 17)
+* gnupg: OpenPGP Options. (line 108)
+* gpg: gpg-zip. (line 50)
+* gpg-agent-info: GPG Configuration Options.
+ (line 608)
+* gpg-args: gpg-zip. (line 53)
+* gpgconf-list: GPG Esoteric Options.
+ (line 470)
+* gpgconf-test: GPG Esoteric Options.
+ (line 474)
+* group: GPG Key related Options.
+ (line 41)
+* help <1>: gpg-zip. (line 65)
+* help <2>: watchgnupg. (line 35)
+* help <3>: Scdaemon Commands. (line 14)
+* help <4>: General GPGSM Commands.
+ (line 11)
+* help <5>: General GPG Commands.
+ (line 12)
+* help: Agent Commands. (line 15)
+* hex: Invoking gpg-connect-agent.
+ (line 62)
+* hidden-encrypt-to: GPG Key related Options.
+ (line 29)
+* hidden-recipient: GPG Key related Options.
+ (line 14)
+* homedir <1>: Invoking symcryptrun.
+ (line 38)
+* homedir <2>: Invoking gpg-connect-agent.
+ (line 22)
+* homedir <3>: gpgv. (line 53)
+* homedir <4>: Scdaemon Options. (line 13)
+* homedir <5>: Configuration Options.
+ (line 16)
+* homedir <6>: GPG Configuration Options.
+ (line 223)
+* homedir: Agent Options. (line 13)
+* ignore-cache-for-signing: Agent Options. (line 152)
+* ignore-cert-extension: Certificate Options. (line 71)
+* ignore-crc-error: GPG Esoteric Options.
+ (line 332)
+* ignore-mdc-error: GPG Esoteric Options.
+ (line 339)
+* ignore-time-conflict <1>: gpgv. (line 47)
+* ignore-time-conflict: GPG Esoteric Options.
+ (line 318)
+* ignore-valid-from: GPG Esoteric Options.
+ (line 325)
+* import <1>: Certificate Management.
+ (line 87)
+* import: Operational GPG Commands.
+ (line 211)
+* import-options: GPG Input and Output.
+ (line 29)
+* import-ownertrust: Operational GPG Commands.
+ (line 278)
+* include-certs: CMS Options. (line 7)
+* interactive: GPG Esoteric Options.
+ (line 19)
+* keep-display: Agent Options. (line 262)
+* keep-tty: Agent Options. (line 262)
+* keydb-clear-some-cert-flags: Certificate Management.
+ (line 49)
+* keyedit:addcardkey: OpenPGP Key Management.
+ (line 166)
+* keyedit:addkey: OpenPGP Key Management.
+ (line 163)
+* keyedit:addphoto: OpenPGP Key Management.
+ (line 81)
+* keyedit:addrevoker: OpenPGP Key Management.
+ (line 215)
+* keyedit:adduid: OpenPGP Key Management.
+ (line 78)
+* keyedit:bkuptocard: OpenPGP Key Management.
+ (line 180)
+* keyedit:check: OpenPGP Key Management.
+ (line 75)
+* keyedit:clean: OpenPGP Key Management.
+ (line 227)
+* keyedit:cross-certify: OpenPGP Key Management.
+ (line 241)
+* keyedit:delkey: OpenPGP Key Management.
+ (line 191)
+* keyedit:delsig: OpenPGP Key Management.
+ (line 65)
+* keyedit:deluid: OpenPGP Key Management.
+ (line 92)
+* keyedit:disable: OpenPGP Key Management.
+ (line 211)
+* keyedit:enable: OpenPGP Key Management.
+ (line 211)
+* keyedit:expire: OpenPGP Key Management.
+ (line 200)
+* keyedit:key: OpenPGP Key Management.
+ (line 35)
+* keyedit:keyserver: OpenPGP Key Management.
+ (line 110)
+* keyedit:keytocard: OpenPGP Key Management.
+ (line 169)
+* keyedit:lsign: OpenPGP Key Management.
+ (line 46)
+* keyedit:minimize: OpenPGP Key Management.
+ (line 236)
+* keyedit:notation: OpenPGP Key Management.
+ (line 117)
+* keyedit:nrsign: OpenPGP Key Management.
+ (line 51)
+* keyedit:passwd: OpenPGP Key Management.
+ (line 221)
+* keyedit:pref: OpenPGP Key Management.
+ (line 125)
+* keyedit:primary: OpenPGP Key Management.
+ (line 101)
+* keyedit:quit: OpenPGP Key Management.
+ (line 252)
+* keyedit:revkey: OpenPGP Key Management.
+ (line 197)
+* keyedit:revsig: OpenPGP Key Management.
+ (line 70)
+* keyedit:revuid: OpenPGP Key Management.
+ (line 98)
+* keyedit:save: OpenPGP Key Management.
+ (line 249)
+* keyedit:setpref: OpenPGP Key Management.
+ (line 138)
+* keyedit:showphoto: OpenPGP Key Management.
+ (line 89)
+* keyedit:showpref: OpenPGP Key Management.
+ (line 130)
+* keyedit:sign: OpenPGP Key Management.
+ (line 39)
+* keyedit:toggle: OpenPGP Key Management.
+ (line 224)
+* keyedit:trust: OpenPGP Key Management.
+ (line 206)
+* keyedit:tsign: OpenPGP Key Management.
+ (line 55)
+* keyedit:uid: OpenPGP Key Management.
+ (line 31)
+* keyid-format: GPG Configuration Options.
+ (line 422)
+* keyring <1>: gpgv. (line 34)
+* keyring: GPG Configuration Options.
+ (line 197)
+* keyserver: GPG Configuration Options.
+ (line 429)
+* keyserver-options: GPG Configuration Options.
+ (line 449)
+* kill: Invoking gpgconf. (line 53)
+* lc-ctype: Agent Options. (line 257)
+* lc-messages: Agent Options. (line 257)
+* learn-card: Certificate Management.
+ (line 92)
+* limit-card-insert-tries: GPG Configuration Options.
+ (line 635)
+* list-archive: gpg-zip. (line 43)
+* list-chain: Certificate Management.
+ (line 29)
+* list-config: GPG Esoteric Options.
+ (line 462)
+* list-keys <1>: Certificate Management.
+ (line 14)
+* list-keys: Operational GPG Commands.
+ (line 92)
+* list-only: GPG Esoteric Options.
+ (line 11)
+* list-options: GPG Configuration Options.
+ (line 59)
+* list-options:show-keyring: GPG Configuration Options.
+ (line 102)
+* list-options:show-keyserver-urls: GPG Configuration Options.
+ (line 86)
+* list-options:show-notations: GPG Configuration Options.
+ (line 81)
+* list-options:show-photos: GPG Configuration Options.
+ (line 67)
+* list-options:show-policy-urls: GPG Configuration Options.
+ (line 75)
+* list-options:show-sig-expire: GPG Configuration Options.
+ (line 106)
+* list-options:show-sig-subpackets: GPG Configuration Options.
+ (line 110)
+* list-options:show-std-notations: GPG Configuration Options.
+ (line 81)
+* list-options:show-uid-validity: GPG Configuration Options.
+ (line 90)
+* list-options:show-unusable-subkeys: GPG Configuration Options.
+ (line 98)
+* list-options:show-unusable-uids: GPG Configuration Options.
+ (line 94)
+* list-options:show-user-notations: GPG Configuration Options.
+ (line 81)
+* list-packets: Operational GPG Commands.
+ (line 153)
+* list-secret-keys <1>: Certificate Management.
+ (line 21)
+* list-secret-keys: Operational GPG Commands.
+ (line 102)
+* list-sigs: Operational GPG Commands.
+ (line 108)
+* local-user <1>: gpg-zip. (line 40)
+* local-user <2>: Input and Output. (line 42)
+* local-user: GPG Key related Options.
+ (line 63)
+* locate-keys: Operational GPG Commands.
+ (line 139)
+* lock-multiple: GPG Configuration Options.
+ (line 615)
+* lock-never: GPG Configuration Options.
+ (line 619)
+* lock-once: GPG Configuration Options.
+ (line 611)
+* log-file <1>: Invoking symcryptrun.
+ (line 46)
+* log-file <2>: Scdaemon Options. (line 136)
+* log-file <3>: Configuration Options.
+ (line 59)
+* log-file <4>: GPG Esoteric Options.
+ (line 81)
+* log-file: Agent Options. (line 140)
+* logger-fd <1>: gpgv. (line 44)
+* logger-fd: GPG Esoteric Options.
+ (line 77)
+* lsign-key: OpenPGP Key Management.
+ (line 289)
+* mangle-dos-filenames: GPG Configuration Options.
+ (line 294)
+* marginals-needed: GPG Configuration Options.
+ (line 561)
+* max-cache-ttl: Agent Options. (line 166)
+* max-cache-ttl-ssh: Agent Options. (line 171)
+* max-cert-depth: GPG Configuration Options.
+ (line 565)
+* max-output: GPG Input and Output.
+ (line 19)
+* max-passphrase-days: Agent Options. (line 205)
+* min-cert-level: GPG Configuration Options.
+ (line 339)
+* min-passphrase-len: Agent Options. (line 180)
+* min-passphrase-nonalpha: Agent Options. (line 185)
+* multi-server: Scdaemon Commands. (line 26)
+* multifile: Operational GPG Commands.
+ (line 73)
+* no: GPG Configuration Options.
+ (line 56)
+* no-armor: GPG Input and Output.
+ (line 12)
+* no-batch: GPG Configuration Options.
+ (line 39)
+* no-common-certs-import: Esoteric Options. (line 116)
+* no-default-keyring: GPG Esoteric Options.
+ (line 347)
+* no-default-recipient: GPG Configuration Options.
+ (line 25)
+* no-detach <1>: Scdaemon Options. (line 132)
+* no-detach: Agent Options. (line 111)
+* no-encrypt-to: GPG Key related Options.
+ (line 37)
+* no-expensive-trust-checks: GPG Esoteric Options.
+ (line 444)
+* no-ext-connect: Invoking gpg-connect-agent.
+ (line 48)
+* no-grab: Agent Options. (line 136)
+* no-greeting: GPG Configuration Options.
+ (line 649)
+* no-groups: GPG Key related Options.
+ (line 59)
+* no-literal: GPG Esoteric Options.
+ (line 370)
+* no-mangle-dos-filenames: GPG Configuration Options.
+ (line 294)
+* no-mdc-warning: GPG Configuration Options.
+ (line 668)
+* no-options: GPG Configuration Options.
+ (line 269)
+* no-random-seed-file: GPG Configuration Options.
+ (line 643)
+* no-secmem-warning <1>: Configuration Options.
+ (line 55)
+* no-secmem-warning: GPG Configuration Options.
+ (line 652)
+* no-sig-cache: GPG Configuration Options.
+ (line 579)
+* no-sig-create-check: GPG Configuration Options.
+ (line 588)
+* no-skip-hidden-recipients: GPG Key related Options.
+ (line 75)
+* no-tty: GPG Configuration Options.
+ (line 48)
+* no-use-standard-socket: Agent Options. (line 237)
+* no-verbose: GPG Configuration Options.
+ (line 32)
+* not-dash-escaped: GPG Esoteric Options.
+ (line 249)
+* openpgp: OpenPGP Options. (line 116)
+* options <1>: Scdaemon Options. (line 7)
+* options <2>: Configuration Options.
+ (line 10)
+* options <3>: GPG Configuration Options.
+ (line 264)
+* options: Agent Options. (line 7)
+* output <1>: gpg-zip. (line 47)
+* output <2>: Input and Output. (line 52)
+* output: GPG Input and Output.
+ (line 16)
+* override-session-key: GPG Esoteric Options.
+ (line 388)
+* p12-charset: Input and Output. (line 24)
+* passphrase <1>: Invoking gpg-preset-passphrase.
+ (line 35)
+* passphrase: GPG Esoteric Options.
+ (line 288)
+* passphrase-fd: GPG Esoteric Options.
+ (line 271)
+* passphrase-file: GPG Esoteric Options.
+ (line 279)
+* passphrase-repeat: GPG Esoteric Options.
+ (line 266)
+* passwd <1>: Certificate Management.
+ (line 97)
+* passwd: OpenPGP Key Management.
+ (line 294)
+* pcsc-driver: Scdaemon Options. (line 140)
+* permission-warning: GPG Configuration Options.
+ (line 655)
+* personal-cipher-preferences: OpenPGP Options. (line 45)
+* personal-compress-preferences: OpenPGP Options. (line 64)
+* personal-digest-preferences: OpenPGP Options. (line 54)
+* pgp2: OpenPGP Options. (line 134)
+* pgp6: OpenPGP Options. (line 147)
+* pgp7: OpenPGP Options. (line 158)
+* pgp8: OpenPGP Options. (line 164)
+* photo-viewer: GPG Configuration Options.
+ (line 173)
+* pinentry-program: Agent Options. (line 213)
+* pinentry-touch-file: Agent Options. (line 217)
+* policy-file: Configuration Options.
+ (line 31)
+* prefer-system-dirmngr: Configuration Options.
+ (line 46)
+* preserve-permissions: GPG Esoteric Options.
+ (line 447)
+* preset: Invoking gpg-preset-passphrase.
+ (line 20)
+* primary-keyring: GPG Configuration Options.
+ (line 211)
+* print-md: Operational GPG Commands.
+ (line 294)
+* q <1>: Invoking symcryptrun.
+ (line 35)
+* q: Invoking gpg-connect-agent.
+ (line 19)
+* quiet <1>: Invoking symcryptrun.
+ (line 35)
+* quiet <2>: Invoking gpg-connect-agent.
+ (line 19)
+* quiet <3>: gpgv. (line 31)
+* quiet <4>: GPG Configuration Options.
+ (line 35)
+* quiet: Agent Options. (line 30)
+* raw-socket: Invoking gpg-connect-agent.
+ (line 34)
+* reader-port: Scdaemon Options. (line 157)
+* rebuild-keydb-caches: Operational GPG Commands.
+ (line 288)
+* recipient <1>: gpg-zip. (line 36)
+* recipient <2>: Input and Output. (line 47)
+* recipient: GPG Key related Options.
+ (line 8)
+* recv-keys: Operational GPG Commands.
+ (line 220)
+* refresh-keys: Operational GPG Commands.
+ (line 224)
+* reload: Invoking gpgconf. (line 48)
+* require-cross-certification: GPG Configuration Options.
+ (line 677)
+* require-secmem: GPG Configuration Options.
+ (line 672)
+* rfc1991: OpenPGP Options. (line 131)
+* rfc2440: OpenPGP Options. (line 127)
+* rfc4880: OpenPGP Options. (line 122)
+* run: Invoking gpg-connect-agent.
+ (line 53)
+* s2k-cipher-algo: OpenPGP Options. (line 74)
+* s2k-count: OpenPGP Options. (line 91)
+* s2k-digest-algo: OpenPGP Options. (line 80)
+* s2k-mode: OpenPGP Options. (line 84)
+* scdaemon-program: Agent Options. (line 226)
+* search-keys: Operational GPG Commands.
+ (line 233)
+* secret-keyring: GPG Configuration Options.
+ (line 208)
+* send-keys: Operational GPG Commands.
+ (line 192)
+* server <1>: Scdaemon Commands. (line 22)
+* server <2>: Operational GPGSM Commands.
+ (line 24)
+* server: Agent Commands. (line 23)
+* set-filename: GPG Esoteric Options.
+ (line 161)
+* set-filesize: GPG Esoteric Options.
+ (line 374)
+* set-notation: GPG Esoteric Options.
+ (line 113)
+* set-policy-url: GPG Esoteric Options.
+ (line 143)
+* sh: Agent Options. (line 118)
+* show-keyring: GPG Esoteric Options.
+ (line 493)
+* show-notation: GPG Esoteric Options.
+ (line 502)
+* show-photos: GPG Esoteric Options.
+ (line 485)
+* show-policy-url: GPG Esoteric Options.
+ (line 510)
+* show-session-key: GPG Esoteric Options.
+ (line 378)
+* sig-keyserver-url: GPG Esoteric Options.
+ (line 153)
+* sig-notation: GPG Esoteric Options.
+ (line 113)
+* sig-policy-url: GPG Esoteric Options.
+ (line 143)
+* sign <1>: Operational GPGSM Commands.
+ (line 16)
+* sign: Operational GPG Commands.
+ (line 8)
+* sign-key: OpenPGP Key Management.
+ (line 285)
+* simple-sk-checksum: GPG Configuration Options.
+ (line 568)
+* skip-hidden-recipients: GPG Key related Options.
+ (line 75)
+* skip-verify: GPG Esoteric Options.
+ (line 354)
+* status-fd <1>: gpgv. (line 40)
+* status-fd: GPG Esoteric Options.
+ (line 69)
+* status-file: GPG Esoteric Options.
+ (line 73)
+* store: Operational GPG Commands.
+ (line 48)
+* subst: Invoking gpg-connect-agent.
+ (line 59)
+* symmetric: Operational GPG Commands.
+ (line 39)
+* tar: gpg-zip. (line 56)
+* tar-args: gpg-zip. (line 59)
+* textmode: OpenPGP Options. (line 8)
+* throw-keyids: GPG Esoteric Options.
+ (line 240)
+* trust-mode:always: GPG Configuration Options.
+ (line 368)
+* trust-mode:auto: GPG Configuration Options.
+ (line 376)
+* trust-mode:classic: GPG Configuration Options.
+ (line 360)
+* trust-mode:direct: GPG Configuration Options.
+ (line 364)
+* trust-mode:pgp: GPG Configuration Options.
+ (line 355)
+* trust-model: GPG Configuration Options.
+ (line 352)
+* trustdb-name: GPG Configuration Options.
+ (line 216)
+* trusted-key: GPG Configuration Options.
+ (line 345)
+* try-all-secrets: GPG Key related Options.
+ (line 67)
+* ttyname: Agent Options. (line 257)
+* ttytype: Agent Options. (line 257)
+* ungroup: GPG Key related Options.
+ (line 56)
+* update-trustdb: Operational GPG Commands.
+ (line 247)
+* use-agent: GPG Configuration Options.
+ (line 605)
+* use-embedded-filename: GPG Esoteric Options.
+ (line 176)
+* use-standard-socket: Agent Options. (line 237)
+* utf8-strings: GPG Configuration Options.
+ (line 257)
+* v <1>: Scdaemon Options. (line 23)
+* v: Configuration Options.
+ (line 26)
+* validation-model: Certificate Options. (line 62)
+* verbose <1>: Invoking symcryptrun.
+ (line 30)
+* verbose <2>: Invoking gpg-connect-agent.
+ (line 14)
+* verbose <3>: Invoking gpg-preset-passphrase.
+ (line 31)
+* verbose <4>: gpgv. (line 26)
+* verbose <5>: watchgnupg. (line 29)
+* verbose <6>: Scdaemon Options. (line 23)
+* verbose <7>: Configuration Options.
+ (line 26)
+* verbose <8>: GPG Configuration Options.
+ (line 28)
+* verbose: Agent Options. (line 23)
+* verify <1>: Operational GPGSM Commands.
+ (line 20)
+* verify: Operational GPG Commands.
+ (line 60)
+* verify-files: Operational GPG Commands.
+ (line 81)
+* verify-options: GPG Configuration Options.
+ (line 118)
+* verify-options:pka-lookups: GPG Configuration Options.
+ (line 154)
+* verify-options:pka-trust-increase: GPG Configuration Options.
+ (line 161)
+* verify-options:show-keyserver-urls: GPG Configuration Options.
+ (line 137)
+* verify-options:show-notations: GPG Configuration Options.
+ (line 133)
+* verify-options:show-photos: GPG Configuration Options.
+ (line 123)
+* verify-options:show-policy-urls: GPG Configuration Options.
+ (line 127)
+* verify-options:show-primary-uid-only: GPG Configuration Options.
+ (line 149)
+* verify-options:show-std-notations: GPG Configuration Options.
+ (line 133)
+* verify-options:show-uid-validity: GPG Configuration Options.
+ (line 141)
+* verify-options:show-unusable-uids: GPG Configuration Options.
+ (line 145)
+* verify-options:show-user-notations: GPG Configuration Options.
+ (line 133)
+* version <1>: gpg-zip. (line 62)
+* version <2>: watchgnupg. (line 32)
+* version <3>: Scdaemon Commands. (line 10)
+* version <4>: General GPGSM Commands.
+ (line 7)
+* version <5>: General GPG Commands.
+ (line 7)
+* version: Agent Commands. (line 10)
+* warranty <1>: General GPGSM Commands.
+ (line 15)
+* warranty: General GPG Commands.
+ (line 16)
+* with-colons: GPG Input and Output.
+ (line 110)
+* with-ephemeral-keys: Esoteric Options. (line 24)
+* with-fingerprint: GPG Input and Output.
+ (line 124)
+* with-key-data <1>: Input and Output. (line 55)
+* with-key-data: GPG Esoteric Options.
+ (line 358)
+* with-validation: Input and Output. (line 61)
+* write-env-file: Agent Options. (line 124)
+* xauthority: Agent Options. (line 257)
+* yes: GPG Configuration Options.
+ (line 53)
+
+
+File: gnupg.info, Node: Index, Prev: Option Index, Up: Top
+
+Index
+*****
+
+
+* Menu:
+
+* com-certs.pem: GPGSM Configuration. (line 84)
+* command options <1>: Invoking SCDAEMON. (line 6)
+* command options <2>: Invoking GPGSM. (line 6)
+* command options <3>: Invoking GPG. (line 6)
+* command options: Invoking GPG-AGENT. (line 6)
+* contributors: Contributors. (line 6)
+* GPG command options: Invoking GPG. (line 6)
+* GPG-AGENT command options: Invoking GPG-AGENT. (line 6)
+* gpg-agent.conf: Agent Configuration. (line 11)
+* gpg.conf: GPG Configuration. (line 11)
+* gpgconf.conf: Files used by gpgconf.
+ (line 7)
+* GPGSM command options: Invoking GPGSM. (line 6)
+* gpgsm.conf: GPGSM Configuration. (line 11)
+* help.txt: GPGSM Configuration. (line 72)
+* options, GPG command: Invoking GPG. (line 6)
+* options, GPG-AGENT command: Invoking GPG-AGENT. (line 6)
+* options, GPGSM command: Invoking GPGSM. (line 6)
+* options, SCDAEMON command: Invoking SCDAEMON. (line 6)
+* policies.txt: GPGSM Configuration. (line 18)
+* pubring.kbx: GPGSM Configuration. (line 101)
+* qualified.txt: GPGSM Configuration. (line 33)
+* random_seed: GPGSM Configuration. (line 107)
+* relax: Agent Configuration. (line 63)
+* S.gpg-agent: GPGSM Configuration. (line 112)
+* scd-event: Scdaemon Configuration.
+ (line 18)
+* SCDAEMON command options: Invoking SCDAEMON. (line 6)
+* scdaemon.conf: Scdaemon Configuration.
+ (line 11)
+* SIGHUP: Agent Signals. (line 12)
+* SIGINT: Agent Signals. (line 28)
+* SIGTERM: Agent Signals. (line 23)
+* SIGUSR1: Agent Signals. (line 31)
+* SIGUSR2: Agent Signals. (line 34)
+* sshcontrol: Agent Configuration. (line 76)
+
+
diff --git a/doc/gnupg.texi b/doc/gnupg.texi
new file mode 100644
index 0000000..7bb54af
--- /dev/null
+++ b/doc/gnupg.texi
@@ -0,0 +1,222 @@
+\input texinfo @c -*-texinfo-*-
+@c %**start of header
+@setfilename gnupg.info
+@include version.texi
+@settitle Using the GNU Privacy Guard
+
+@c A couple of macros with no effect on texinfo
+@c but used by the yat2m processor.
+@macro manpage {a}
+@end macro
+@macro mansect {a}
+@end macro
+@macro manpause
+@end macro
+@macro mancont
+@end macro
+
+@c Create a separate index for command line options.
+@defcodeindex op
+@c Merge the standard indexes into a single one.
+@syncodeindex fn cp
+@syncodeindex vr cp
+@syncodeindex ky cp
+@syncodeindex pg cp
+@syncodeindex tp cp
+@c %**end of header
+@copying
+This is the @cite{The GNU Privacy Guard Manual} (version
+@value{VERSION}, @value{UPDATED-MONTH}).
+
+@iftex
+Published by the Free Software Foundation@*
+51 Franklin St, Fifth Floor@*
+Boston, MA 02110-1301 USA
+@end iftex
+
+Copyright @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
+
+@quotation
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 3 of the License, or (at your
+option) any later version. The text of the license can be found in the
+section entitled ``Copying''.
+@end quotation
+@end copying
+
+
+@dircategory GNU Utilities
+@direntry
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+@ifset gpgtwoone
+* dirmngr: (gnupg). X.509 CRL and OCSP server.
+* dirmngr-client: (gnupg). X.509 CRL and OCSP client.
+@end ifset
+@end direntry
+
+
+@c
+@c Printing stuff taken from gcc.
+@c
+@macro gnupgtabopt{body}
+@code{\body\}
+@end macro
+@macro gnupgoptlist{body}
+@smallexample
+\body\
+@end smallexample
+@end macro
+@c Makeinfo handles the above macro OK, TeX needs manual line breaks;
+@c they get lost at some point in handling the macro. But if @macro is
+@c used here rather than @alias, it produces double line breaks.
+@iftex
+@alias gol = *
+@end iftex
+@ifnottex
+@macro gol
+@end macro
+@end ifnottex
+
+
+@c
+@c Titlepage
+@c
+@setchapternewpage odd
+@titlepage
+@title Using the GNU Privacy Guard
+@subtitle Version @value{VERSION}
+@subtitle @value{UPDATED-MONTH}
+
+@sp 3
+
+@image{gnupg-logo,16cm,,The GnuPG Logo}
+
+@sp 3
+
+@author Werner Koch (@email{wk@@gnupg.org})
+
+@page
+@vskip 0pt plus 1filll
+@insertcopying
+@end titlepage
+
+@ifnothtml
+@summarycontents
+@contents
+@page
+@end ifnothtml
+
+@ifhtml
+@center @image{gnupg-logo,6cm,,The GnuPG Logo}
+@end ifhtml
+
+@ifnottex
+@node Top
+@top
+@insertcopying
+
+This manual documents how to use the GNU Privacy Guard system as well as
+the administration and the architecture.
+@end ifnottex
+
+@menu
+* Installation:: A short installation guide.
+
+* Invoking GPG-AGENT:: How to launch the secret key daemon.
+@ifset gpgtwoone
+* Invoking DIRMNGR:: How to launch the CRL and OCSP daemon.
+@end ifset
+* Invoking GPG:: Using the OpenPGP protocol.
+* Invoking GPGSM:: Using the S/MIME protocol.
+* Invoking SCDAEMON:: How to handle Smartcards.
+* Specify a User ID:: How to Specify a User Id.
+
+* Helper Tools:: Description of small helper tools
+
+* Howtos:: How to do certain things.
+* System Notes:: Notes pertaining to certain OSes.
+* Debugging:: How to solve problems
+
+* Copying:: GNU General Public License says
+ how you can copy and share GnuPG
+* Contributors:: People who have contributed to GnuPG.
+
+* Glossary:: Short description of terms used.
+* Option Index:: Index to command line options.
+* Index:: Index of concepts and symbol names.
+@end menu
+
+
+@ifhtml
+@page
+@summarycontents
+@contents
+@end ifhtml
+
+
+@include instguide.texi
+
+@include gpg-agent.texi
+@ifset gpgtwoone
+@include dirmngr.texi
+@end ifset
+@include gpg.texi
+@include gpgsm.texi
+@include scdaemon.texi
+
+@node Specify a User ID
+@chapter How to Specify a User Id
+@anchor{how-to-specify-a-user-id}
+@include specify-user-id.texi
+
+
+@include tools.texi
+
+@include howtos.texi
+
+@include sysnotes.texi
+
+@include debugging.texi
+
+@include gpl.texi
+
+@include contrib.texi
+
+@c ---------------------------------------------------------------------
+@c Indexes
+@c ---------------------------------------------------------------------
+
+@include glossary.texi
+
+@node Option Index
+@unnumbered Option Index
+
+@printindex op
+
+@node Index
+@unnumbered Index
+
+@printindex cp
+
+@c ---------------------------------------------------------------------
+@c Epilogue
+@c ---------------------------------------------------------------------
+
+@c @node History
+@c @unnumbered History
+@c
+@c Here are the notices from the old dirmngr manual:
+@c
+@c @itemize
+@c @item Using DirMngr, 2002, Steffen Hansen, Klar"alvdalens Datakonsult AB.
+@c @item Using DirMngr, 2004, 2005, 2006, 2008 Werner Koch, g10 Code GmbH.
+@c @end itemize
+@c
+
+
+@bye
+
+
diff --git a/doc/gnupg7.texi b/doc/gnupg7.texi
new file mode 100644
index 0000000..c48dca9
--- /dev/null
+++ b/doc/gnupg7.texi
@@ -0,0 +1,31 @@
+@c @c -*-texinfo-*-
+@c This is only used to create a man page, thus we don't need to care
+@c about actual texinfo stuff.
+
+@manpage gnupg.7
+@ifset manverb
+.B GnuPG
+\- The GNU Privacy Guard suite of programs
+@end ifset
+@mansect description
+@ifset isman
+GnuPG is a set of programs for public key encryption and digital
+signatures. The program most users will want to use is the OpenPGP
+command line tool, named @command{gpg2}. @command{gpgv}is a stripped
+down version of @command{gpg2} with no encryption functionality, used
+only to verify signatures against a trusted keyring. @command{gpgsm} is
+the X.509/CMS (for S/MIME) counterpart of
+@command{gpg2}. @command{gpg-agent} is a passphrase and private key
+daemon which may also emulate the @command{ssh-agent}.
+@mansect see also
+@command{gpg}(1),
+@command{gpg2}(1),
+@command{gpgv}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{dirmngr}(8),
+@command{scdaemon}(1)
+@include see-also-note.texi
+@end ifset
+
+@bye
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
new file mode 100644
index 0000000..4c7f13f
--- /dev/null
+++ b/doc/gpg-agent.texi
@@ -0,0 +1,1386 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@c Note that we use this texinfo file for all versions of GnuPG:
+@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only
+@c valid for GnuPG 2.1 and later.
+
+
+@node Invoking GPG-AGENT
+@chapter Invoking GPG-AGENT
+@cindex GPG-AGENT command options
+@cindex command options
+@cindex options, GPG-AGENT command
+
+@manpage gpg-agent.1
+@ifset manverb
+.B gpg-agent
+\- Secret key management for GnuPG
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-agent
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.br
+.B gpg-agent
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-server
+.br
+.B gpg-agent
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-daemon
+.RI [ command_line ]
+@end ifset
+
+@mansect description
+@command{gpg-agent} is a daemon to manage secret (private) keys
+independently from any protocol. It is used as a backend for
+@command{gpg} and @command{gpgsm} as well as for a couple of other
+utilities.
+
+@ifset gpgtwoone
+The agent is usualy started on demand by @command{gpg}, @command{gpgsm},
+@command{gpgconf} or @command{gpg-connect-agent}. Thus there is no
+reason to start it manually. In case you want to use the included
+Secure Shell Agent you may start the agent using:
+
+@example
+gpg-connect-agent /bye
+@end example
+@end ifset
+
+@ifclear gpgtwoone
+@noindent
+The usual way to run the agent is from the @code{~/.xsession} file:
+
+@example
+eval $(gpg-agent --daemon)
+@end example
+@noindent
+If you don't use an X server, you can also put this into your regular
+startup file @code{~/.profile} or @code{.bash_profile}. It is best not
+to run multiple instance of the @command{gpg-agent}, so you should make
+sure that only one is running: @command{gpg-agent} uses an environment
+variable to inform clients about the communication parameters. You can
+write the content of this environment variable to a file so that you can
+test for a running agent. Here is an example using Bourne shell syntax:
+
+@smallexample
+gpg-agent --daemon --enable-ssh-support \
+ --write-env-file "$@{HOME@}/.gpg-agent-info"
+@end smallexample
+
+This code should only be run once per user session to initially fire up
+the agent. In the example the optional support for the included Secure
+Shell agent is enabled and the information about the agent is written to
+a file in the HOME directory. Note that by running gpg-agent without
+arguments you may test whether an agent is already running; however such
+a test may lead to a race condition, thus it is not suggested.
+
+@noindent
+The second script needs to be run for each interactive session:
+
+@smallexample
+if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
+ . "$@{HOME@}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+fi
+@end smallexample
+
+@noindent
+It reads the data out of the file and exports the variables. If you
+don't use Secure Shell, you don't need the last two export statements.
+@end ifclear
+
+@noindent
+You should always add the following lines to your @code{.bashrc} or
+whatever initialization file is used for all shell invocations:
+
+@smallexample
+GPG_TTY=$(tty)
+export GPG_TTY
+@end smallexample
+
+@noindent
+It is important that this environment variable always reflects the
+output of the @code{tty} command. For W32 systems this option is not
+required.
+
+Please make sure that a proper pinentry program has been installed
+under the default filename (which is system dependant) or use the
+option @option{pinentry-program} to specify the full name of that program.
+It is often useful to install a symbolic link from the actual used
+pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected
+one (e.g. @file{/usr/bin/pinentry}).
+
+@manpause
+@noindent
+@xref{Option Index},for an index to @command{GPG-AGENT}'s commands and options.
+@mancont
+
+@menu
+* Agent Commands:: List of all commands.
+* Agent Options:: List of all options.
+* Agent Configuration:: Configuration files.
+* Agent Signals:: Use of some signals.
+* Agent Examples:: Some usage examples.
+* Agent Protocol:: The protocol the agent uses.
+@end menu
+
+@mansect commands
+@node Agent Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you cannot
+abbreviate this command.
+
+@item --help
+@itemx -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}. The
+default mode is to create a socket and listen for commands there.
+
+@item --daemon [@var{command line}]
+@opindex daemon
+Start the gpg-agent as a daemon; that is, detach it from the console
+and run it in the background. Because @command{gpg-agent} prints out
+important information required for further use, a common way of
+invoking gpg-agent is: @code{eval $(gpg-agent --daemon)} to setup the
+environment variables. The option @option{--write-env-file} is
+another way commonly used to do this. Yet another way is creating
+a new process as a child of gpg-agent: @code{gpg-agent --daemon
+/bin/sh}. This way you get a new shell with the environment setup
+properly; if you exit from this shell, gpg-agent terminates as well.
+@end table
+
+@mansect options
+@node Agent Options
+@section Option Summary
+
+@table @gnupgtabopt
+
+@anchor{option --options}
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@anchor{option --homedir}
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item -q
+@item --quiet
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --batch
+@opindex batch
+Don't invoke a pinentry or do any other thing requiring human interaction.
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change at
+any time without notice. FLAGS are bit encoded and may be given in
+usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+X.509 or OpenPGP protocol related data
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol
+@item 12 (4096)
+bypass all certificate validation
+@end table
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-wait @var{n}
+@opindex debug-wait
+When running in server mode, wait @var{n} seconds before entering the
+actual processing loop and print the pid. This gives time to attach a
+debugger.
+
+@item --no-detach
+@opindex no-detach
+Don't detach the process from the console. This is mainly useful for
+debugging.
+
+@item -s
+@itemx --sh
+@itemx -c
+@itemx --csh
+@opindex sh
+@opindex csh
+Format the info output in daemon mode for use with the standard Bourne
+shell or the C-shell respectively. The default is to guess it based on
+the environment variable @code{SHELL} which is correct in almost all
+cases.
+
+@item --write-env-file @var{file}
+@opindex write-env-file
+Often it is required to connect to the agent from a process not being an
+inferior of @command{gpg-agent} and thus the environment variable with
+the socket name is not available. To help setting up those variables in
+other sessions, this option may be used to write the information into
+@var{file}. If @var{file} is not specified the default name
+@file{$@{HOME@}/.gpg-agent-info} will be used. The format is suitable
+to be evaluated by a Bourne shell like in this simple example:
+
+@example
+eval $(cat @var{file})
+eval $(cut -d= -f 1 < @var{file} | xargs echo export)
+@end example
+
+
+
+@item --no-grab
+@opindex no-grab
+Tell the pinentry not to grab the keyboard and mouse. This option
+should in general not be used to avoid X-sniffing attacks.
+
+@anchor{option --log-file}
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. This is very helpful in seeing
+what the agent actually does. If neither a log file nor a log file
+descriptor has been set on a Windows platform, the Registry entry
+@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to specify
+the logging output.
+
+
+@anchor{option --allow-mark-trusted}
+@item --allow-mark-trusted
+@opindex allow-mark-trusted
+Allow clients to mark keys as trusted, i.e. put them into the
+@file{trustlist.txt} file. This is by default not allowed to make it
+harder for users to inadvertently accept Root-CA keys.
+
+@ifset gpgtwoone
+@anchor{option --allow-loopback-pinentry}
+@item --allow-loopback-pinentry
+@opindex allow-loopback-pinentry
+Allow clients to use the loopback pinentry features; see the option
+@option{pinentry-mode} for details.
+@end ifset
+
+@item --ignore-cache-for-signing
+@opindex ignore-cache-for-signing
+This option will let @command{gpg-agent} bypass the passphrase cache for all
+signing operation. Note that there is also a per-session option to
+control this behaviour but this command line option takes precedence.
+
+@item --default-cache-ttl @var{n}
+@opindex default-cache-ttl
+Set the time a cache entry is valid to @var{n} seconds. The default is
+600 seconds.
+
+@item --default-cache-ttl-ssh @var{n}
+@opindex default-cache-ttl
+Set the time a cache entry used for SSH keys is valid to @var{n}
+seconds. The default is 1800 seconds.
+
+@item --max-cache-ttl @var{n}
+@opindex max-cache-ttl
+Set the maximum time a cache entry is valid to @var{n} seconds. After
+this time a cache entry will be expired even if it has been accessed
+recently. The default is 2 hours (7200 seconds).
+
+@item --max-cache-ttl-ssh @var{n}
+@opindex max-cache-ttl-ssh
+Set the maximum time a cache entry used for SSH keys is valid to @var{n}
+seconds. After this time a cache entry will be expired even if it has
+been accessed recently. The default is 2 hours (7200 seconds).
+
+@item --enforce-passphrase-constraints
+@opindex enforce-passphrase-constraints
+Enforce the passphrase constraints by not allowing the user to bypass
+them using the ``Take it anyway'' button.
+
+@item --min-passphrase-len @var{n}
+@opindex min-passphrase-len
+Set the minimal length of a passphrase. When entering a new passphrase
+shorter than this value a warning will be displayed. Defaults to 8.
+
+@item --min-passphrase-nonalpha @var{n}
+@opindex min-passphrase-nonalpha
+Set the minimal number of digits or special characters required in a
+passphrase. When entering a new passphrase with less than this number
+of digits or special characters a warning will be displayed. Defaults
+to 1.
+
+@item --check-passphrase-pattern @var{file}
+@opindex check-passphrase-pattern
+Check the passphrase against the pattern given in @var{file}. When
+entering a new passphrase matching one of these pattern a warning will
+be displayed. @var{file} should be an absolute filename. The default is
+not to use any pattern file.
+
+Security note: It is known that checking a passphrase against a list of
+pattern or even against a complete dictionary is not very effective to
+enforce good passphrases. Users will soon figure up ways to bypass such
+a policy. A better policy is to educate users on good security
+behavior and optionally to run a passphrase cracker regularly on all
+users passphrases to catch the very simple ones.
+
+@item --max-passphrase-days @var{n}
+@opindex max-passphrase-days
+Ask the user to change the passphrase if @var{n} days have passed since
+the last change. With @option{--enforce-passphrase-constraints} set the
+user may not bypass this check.
+
+@item --enable-passphrase-history
+@opindex enable-passphrase-history
+This option does nothing yet.
+
+@item --pinentry-program @var{filename}
+@opindex pinentry-program
+Use program @var{filename} as the PIN entry. The default is installation
+dependent.
+
+@item --pinentry-touch-file @var{filename}
+@opindex pinentry-touch-file
+By default the filename of the socket gpg-agent is listening for
+requests is passed to Pinentry, so that it can touch that file before
+exiting (it does this only in curses mode). This option changes the
+file passed to Pinentry to @var{filename}. The special name
+@code{/dev/null} may be used to completely disable this feature. Note
+that Pinentry will not create that file, it will only change the
+modification and access time.
+
+
+@item --scdaemon-program @var{filename}
+@opindex scdaemon-program
+Use program @var{filename} as the Smartcard daemon. The default is
+installation dependent and can be shown with the @command{gpgconf}
+command.
+
+@item --disable-scdaemon
+@opindex disable-scdaemon
+Do not make use of the scdaemon tool. This option has the effect of
+disabling the ability to do smartcard operations. Note, that enabling
+this option at runtime does not kill an already forked scdaemon.
+
+@item --use-standard-socket
+@itemx --no-use-standard-socket
+@opindex use-standard-socket
+@opindex no-use-standard-socket
+By enabling this option @command{gpg-agent} will listen on the socket
+named @file{S.gpg-agent}, located in the home directory, and not create
+a random socket below a temporary directory. Tools connecting to
+@command{gpg-agent} should first try to connect to the socket given in
+environment variable @var{GPG_AGENT_INFO} and then fall back to this
+socket. This option may not be used if the home directory is mounted on
+a remote file system which does not support special files like fifos or
+sockets.
+@ifset gpgtwoone
+Note, that @option{--use-standard-socket} is the default on all
+systems since GnuPG 2.1.
+@end ifset
+@ifclear gpgtwoone
+Note, that @option{--use-standard-socket} is the default on
+Windows systems.
+@end ifclear
+The default may be changed at build time. It is
+possible to test at runtime whether the agent has been configured for
+use with the standard socket by issuing the command @command{gpg-agent
+--use-standard-socket-p} which returns success if the standard socket
+option has been enabled.
+
+@item --display @var{string}
+@itemx --ttyname @var{string}
+@itemx --ttytype @var{string}
+@itemx --lc-ctype @var{string}
+@itemx --lc-messages @var{string}
+@itemx --xauthority @var{string}
+@opindex display
+@opindex ttyname
+@opindex ttytype
+@opindex lc-ctype
+@opindex lc-messages
+@opindex xauthority
+These options are used with the server mode to pass localization
+information.
+
+@item --keep-tty
+@itemx --keep-display
+@opindex keep-tty
+@opindex keep-display
+Ignore requests to change the current @code{tty} or X window system's
+@code{DISPLAY} variable respectively. This is useful to lock the
+pinentry to pop up at the @code{tty} or display you started the agent.
+
+@anchor{option --enable-ssh-support}
+@item --enable-ssh-support
+@opindex enable-ssh-support
+
+Enable the OpenSSH Agent protocol.
+
+In this mode of operation, the agent does not only implement the
+gpg-agent protocol, but also the agent protocol used by OpenSSH
+(through a separate socket). Consequently, it should be possible to use
+the gpg-agent as a drop-in replacement for the well known ssh-agent.
+
+SSH Keys, which are to be used through the agent, need to be added to
+the gpg-agent initially through the ssh-add utility. When a key is
+added, ssh-add will ask for the password of the provided key file and
+send the unprotected key material to the agent; this causes the
+gpg-agent to ask for a passphrase, which is to be used for encrypting
+the newly received key and storing it in a gpg-agent specific
+directory.
+
+Once a key has been added to the gpg-agent this way, the gpg-agent
+will be ready to use the key.
+
+Note: in case the gpg-agent receives a signature request, the user might
+need to be prompted for a passphrase, which is necessary for decrypting
+the stored key. Since the ssh-agent protocol does not contain a
+mechanism for telling the agent on which display/terminal it is running,
+gpg-agent's ssh-support will use the TTY or X display where gpg-agent
+has been started. To switch this display to the current one, the
+following command may be used:
+
+@smallexample
+gpg-connect-agent updatestartuptty /bye
+@end smallexample
+
+Although all GnuPG components try to start the gpg-agent as needed, this
+is not possible for the ssh support because ssh does not know about it.
+Thus if no GnuPG tool which accesses the agent has been run, there is no
+guarantee that ssh is abale to use gpg-agent for authentication. To fix
+this you may start gpg-agent if needed using this simple command:
+
+@smallexample
+gpg-connect-agent /bye
+@end smallexample
+
+Adding the @option{--verbose} shows the progress of starting the agent.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+
+@mansect files
+@node Agent Configuration
+@section Configuration
+
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(@pxref{option --homedir}).
+
+@table @file
+
+@item gpg-agent.conf
+@cindex gpg-agent.conf
+ This is the standard configuration file read by @command{gpg-agent} on
+ startup. It may contain any valid long option; the leading
+ two dashes may not be entered and the option may not be abbreviated.
+ This file is also read after a @code{SIGHUP} however only a few
+ options will actually have an effect. This default name may be
+ changed on the command line (@pxref{option --options}).
+ You should backup this file.
+
+@item trustlist.txt
+ This is the list of trusted keys. You should backup this file.
+
+ Comment lines, indicated by a leading hash mark, as well as empty
+ lines are ignored. To mark a key as trusted you need to enter its
+ fingerprint followed by a space and a capital letter @code{S}. Colons
+ may optionally be used to separate the bytes of a fingerprint; this
+ allows to cut and paste the fingerprint from a key listing output. If
+ the line is prefixed with a @code{!} the key is explicitly marked as
+ not trusted.
+
+ Here is an example where two keys are marked as ultimately trusted
+ and one as not trusted:
+
+ @example
+ # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+ A6935DD34EF3087973C706FC311AA2CCF733765B S
+
+ # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+ DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S
+
+ # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE
+ !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S
+ @end example
+
+Before entering a key into this file, you need to ensure its
+authenticity. How to do this depends on your organisation; your
+administrator might have already entered those keys which are deemed
+trustworthy enough into this file. Places where to look for the
+fingerprint of a root certificate are letters received from the CA or
+the website of the CA (after making 100% sure that this is indeed the
+website of that CA). You may want to consider allowing interactive
+updates of this file by using the @xref{option --allow-mark-trusted}.
+This is however not as secure as maintaining this file manually. It is
+even advisable to change the permissions to read-only so that this file
+can't be changed inadvertently.
+
+As a special feature a line @code{include-default} will include a global
+list of trusted certificates (e.g. @file{/etc/gnupg/trustlist.txt}).
+This global list is also used if the local list is not available.
+
+It is possible to add further flags after the @code{S} for use by the
+caller:
+
+@table @code
+
+@item relax
+@cindex relax
+Relax checking of some root certificate requirements. As of now this
+flag allows the use of root certificates with a missing basicConstraints
+attribute (despite that it is a MUST for CA certificates) and disables
+CRL checking for the root certificate.
+
+@item cm
+If validation of a certificate finally issued by a CA with this flag set
+fails, try again using the chain validation model.
+
+@end table
+
+
+@item sshcontrol
+@cindex sshcontrol
+This file is used when support for the secure shell agent protocol has
+been enabled (@pxref{option --enable-ssh-support}). Only keys present in
+this file are used in the SSH protocol. You should backup this file.
+
+The @command{ssh-add} tool may be used to add new entries to this file;
+you may also add them manually. Comment lines, indicated by a leading
+hash mark, as well as empty lines are ignored. An entry starts with
+optional whitespace, followed by the keygrip of the key given as 40 hex
+digits, optionally followed by the caching TTL in seconds and another
+optional field for arbitrary flags. A non-zero TTL overrides the global
+default as set by @option{--default-cache-ttl-ssh}.
+
+The only flag support is @code{confirm}. If this flag is found for a
+key, each use of the key will pop up a pinentry to confirm the use of
+that key. The flag is automatically set if a new key was loaded into
+@code{gpg-agent} using the option @option{-c} of the @code{ssh-add}
+command.
+
+The keygrip may be prefixed with a @code{!} to disable an entry entry.
+
+The following example lists exactly one key. Note that keys available
+through a OpenPGP smartcard in the active smartcard reader are
+implicitly added to this list; i.e. there is no need to list them.
+
+ @example
+ # Key added on: 2011-07-20 20:38:46
+ # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
+ 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
+ @end example
+
+@item private-keys-v1.d/
+
+ This is the directory where gpg-agent stores the private keys. Each
+ key is stored in a file with the name made up of the keygrip and the
+ suffix @file{key}. You should backup all files in this directory
+ and take great care to keep this backup closed away.
+
+
+@end table
+
+Note that on larger installations, it is useful to put predefined
+files into the directory @file{/etc/skel/.gnupg/} so that newly created
+users start up with a working configuration. For existing users the
+a small helper script is provided to create these files (@pxref{addgnupghome}).
+
+
+
+@c
+@c Agent Signals
+@c
+@mansect signals
+@node Agent Signals
+@section Use of some signals.
+A running @command{gpg-agent} may be controlled by signals, i.e. using
+the @command{kill} command to send a signal to the process.
+
+Here is a list of supported signals:
+
+@table @gnupgtabopt
+
+@item SIGHUP
+@cpindex SIGHUP
+This signal flushes all cached passphrases and if the program has been
+started with a configuration file, the configuration file is read again.
+Only certain options are honored: @code{quiet}, @code{verbose},
+@code{debug}, @code{debug-all}, @code{debug-level}, @code{no-grab},
+@code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl},
+@code{ignore-cache-for-signing}, @code{allow-mark-trusted} and
+@code{disable-scdaemon}. @code{scdaemon-program} is also supported but
+due to the current implementation, which calls the scdaemon only once,
+it is not of much use unless you manually kill the scdaemon.
+
+
+@item SIGTERM
+@cpindex SIGTERM
+Shuts down the process but waits until all current requests are
+fulfilled. If the process has received 3 of these signals and requests
+are still pending, a shutdown is forced.
+
+@item SIGINT
+@cpindex SIGINT
+Shuts down the process immediately.
+
+@item SIGUSR1
+@cpindex SIGUSR1
+Dump internal information to the log file.
+
+@item SIGUSR2
+@cpindex SIGUSR2
+This signal is used for internal purposes.
+
+@end table
+
+@c
+@c Examples
+@c
+@mansect examples
+@node Agent Examples
+@section Examples
+
+The usual way to invoke @command{gpg-agent} is
+
+@example
+$ eval $(gpg-agent --daemon)
+@end example
+
+An alternative way is by replacing @command{ssh-agent} with
+@command{gpg-agent}. If for example @command{ssh-agent} is started as
+part of the Xsession initialization, you may simply replace
+@command{ssh-agent} by a script like:
+
+@cartouche
+@example
+#!/bin/sh
+
+exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
+ --write-env-file $@{HOME@}/.gpg-agent-info "$@@"
+@end example
+@end cartouche
+
+@noindent
+and add something like (for Bourne shells)
+
+@cartouche
+@example
+ if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
+ . "$@{HOME@}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+@end example
+@end cartouche
+
+@noindent
+to your shell initialization file (e.g. @file{~/.bashrc}).
+
+@c
+@c Assuan Protocol
+@c
+@manpause
+@node Agent Protocol
+@section Agent's Assuan Protocol
+
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
+The @command{gpg-agent} should be started by the login shell and set an
+environment variable to tell clients about the socket to be used.
+Clients should deny to access an agent with a socket name which does
+not match its own configuration. An application may choose to start
+an instance of the gpgagent if it does not figure that any has been
+started; it should not do this if a gpgagent is running but not
+usable. Because @command{gpg-agent} can only be used in background mode, no
+special command line option is required to activate the use of the
+protocol.
+
+To identify a key we use a thing called keygrip which is the SHA-1 hash
+of an canonical encoded S-Expression of the public key as used in
+Libgcrypt. For the purpose of this interface the keygrip is given as a
+hex string. The advantage of using this and not the hash of a
+certificate is that it will be possible to use the same keypair for
+different protocols, thereby saving space on the token used to keep the
+secret keys.
+
+@menu
+* Agent PKDECRYPT:: Decrypting a session key
+* Agent PKSIGN:: Signing a Hash
+* Agent GENKEY:: Generating a Key
+* Agent IMPORT:: Importing a Secret Key
+* Agent EXPORT:: Exporting a Secret Key
+* Agent ISTRUSTED:: Importing a Root Certificate
+* Agent GET_PASSPHRASE:: Ask for a passphrase
+* Agent GET_CONFIRMATION:: Ask for confirmation
+* Agent HAVEKEY:: Check whether a key is available
+* Agent LEARN:: Register a smartcard
+* Agent PASSWD:: Change a Passphrase
+* Agent UPDATESTARTUPTTY:: Change the Standard Display
+* Agent GETEVENTCOUNTER:: Get the Event Counters
+* Agent GETINFO:: Return information about the process
+* Agent OPTION:: Set options for the session
+@end menu
+
+@node Agent PKDECRYPT
+@subsection Decrypting a session key
+
+The client asks the server to decrypt a session key. The encrypted
+session key should have all information needed to select the
+appropriate secret key or to delegate it to a smartcard.
+
+@example
+ SETKEY <keyGrip>
+@end example
+
+Tell the server about the key to be used for decryption. If this is
+not used, @command{gpg-agent} may try to figure out the key by trying to
+decrypt the message with each key available.
+
+@example
+ PKDECRYPT
+@end example
+
+The agent checks whether this command is allowed and then does an
+INQUIRY to get the ciphertext the client should then send the cipher
+text.
+
+@example
+ S: INQUIRE CIPHERTEXT
+ C: D (xxxxxx
+ C: D xxxx)
+ C: END
+@end example
+
+Please note that the server may send status info lines while reading the
+data lines from the client. The data send is a SPKI like S-Exp with
+this structure:
+
+@example
+ (enc-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+@end example
+
+Where algo is a string with the name of the algorithm; see the libgcrypt
+documentation for a list of valid algorithms. The number and names of
+the parameters depend on the algorithm. The agent does return an error
+if there is an inconsistency.
+
+If the decryption was successful the decrypted data is returned by
+means of "D" lines.
+
+Here is an example session:
+
+@example
+ C: PKDECRYPT
+ S: INQUIRE CIPHERTEXT
+ C: D (enc-val elg (a 349324324)
+ C: D (b 3F444677CA)))
+ C: END
+ S: # session key follows
+ S: D (value 1234567890ABCDEF0)
+ S: OK descryption successful
+@end example
+
+
+@node Agent PKSIGN
+@subsection Signing a Hash
+
+The client ask the agent to sign a given hash value. A default key
+will be chosen if no key has been set. To set a key a client first
+uses:
+
+@example
+ SIGKEY <keyGrip>
+@end example
+
+This can be used multiple times to create multiple signature, the list
+of keys is reset with the next PKSIGN command or a RESET. The server
+test whether the key is a valid key to sign something and responds with
+okay.
+
+@example
+ SETHASH --hash=<name>|<algo> <hexstring>
+@end example
+
+The client can use this command to tell the server about the data <hexstring>
+(which usually is a hash) to be signed. <algo> is the decimal encoded hash
+algorithm number as used by Libgcrypt. Either <algo> or --hash=<name>
+must be given. Valid names for <name> are:
+
+@table @code
+@item sha1
+@item sha256
+@item rmd160
+@item md5
+@item tls-md5sha1
+@end table
+
+@noindent
+The actual signing is done using
+
+@example
+ PKSIGN <options>
+@end example
+
+Options are not yet defined, but my later be used to choose among
+different algorithms. The agent does then some checks, asks for the
+passphrase and as a result the server returns the signature as an SPKI
+like S-expression in "D" lines:
+
+@example
+ (sig-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+@end example
+
+
+The operation is affected by the option
+
+@example
+ OPTION use-cache-for-signing=0|1
+@end example
+
+The default of @code{1} uses the cache. Setting this option to @code{0}
+will lead @command{gpg-agent} to ignore the passphrase cache. Note, that there is
+also a global command line option for @command{gpg-agent} to globally disable the
+caching.
+
+
+Here is an example session:
+
+@example
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: PKSIGN
+ S: # I did ask the user whether he really wants to sign
+ S: # I did ask the user for the passphrase
+ S: INQUIRE HASHVAL
+ C: D ABCDEF012345678901234
+ C: END
+ S: # signature follows
+ S: D (sig-val rsa (s 45435453654612121212))
+ S: OK
+@end example
+
+
+@node Agent GENKEY
+@subsection Generating a Key
+
+This is used to create a new keypair and store the secret key inside the
+active PSE --- which is in most cases a Soft-PSE. An not yet defined
+option allows to choose the storage location. To get the secret key out
+of the PSE, a special export tool has to be used.
+
+@example
+ GENKEY
+@end example
+
+Invokes the key generation process and the server will then inquire
+on the generation parameters, like:
+
+@example
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+@end example
+
+The format of the key parameters which depends on the algorithm is of
+the form:
+
+@example
+ (genkey
+ (algo
+ (parameter_name_1 ....)
+ ....
+ (parameter_name_n ....)))
+@end example
+
+If everything succeeds, the server returns the *public key* in a SPKI
+like S-Expression like this:
+
+@example
+ (public-key
+ (rsa
+ (n <mpi>)
+ (e <mpi>)))
+@end example
+
+Here is an example session:
+
+@example
+ C: GENKEY
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+ S: D (public-key
+ S: D (rsa (n 326487324683264) (e 10001)))
+ S OK key created
+@end example
+
+@node Agent IMPORT
+@subsection Importing a Secret Key
+
+This operation is not yet supported by GpgAgent. Specialized tools
+are to be used for this.
+
+There is no actual need because we can expect that secret keys
+created by a 3rd party are stored on a smartcard. If we have
+generated the key ourself, we do not need to import it.
+
+@node Agent EXPORT
+@subsection Export a Secret Key
+
+Not implemented.
+
+Should be done by an extra tool.
+
+@node Agent ISTRUSTED
+@subsection Importing a Root Certificate
+
+Actually we do not import a Root Cert but provide a way to validate
+any piece of data by storing its Hash along with a description and
+an identifier in the PSE. Here is the interface description:
+
+@example
+ ISTRUSTED <fingerprint>
+@end example
+
+Check whether the OpenPGP primary key or the X.509 certificate with the
+given fingerprint is an ultimately trusted key or a trusted Root CA
+certificate. The fingerprint should be given as a hexstring (without
+any blanks or colons or whatever in between) and may be left padded with
+00 in case of an MD5 fingerprint. GPGAgent will answer with:
+
+@example
+ OK
+@end example
+
+The key is in the table of trusted keys.
+
+@example
+ ERR 304 (Not Trusted)
+@end example
+
+The key is not in this table.
+
+Gpg needs the entire list of trusted keys to maintain the web of
+trust; the following command is therefore quite helpful:
+
+@example
+ LISTTRUSTED
+@end example
+
+GpgAgent returns a list of trusted keys line by line:
+
+@example
+ S: D 000000001234454556565656677878AF2F1ECCFF P
+ S: D 340387563485634856435645634856438576457A P
+ S: D FEDC6532453745367FD83474357495743757435D S
+ S: OK
+@end example
+
+The first item on a line is the hexified fingerprint where MD5
+fingerprints are @code{00} padded to the left and the second item is a
+flag to indicate the type of key (so that gpg is able to only take care
+of PGP keys). P = OpenPGP, S = S/MIME. A client should ignore the rest
+of the line, so that we can extend the format in the future.
+
+Finally a client should be able to mark a key as trusted:
+
+@example
+ MARKTRUSTED @var{fingerprint} "P"|"S"
+@end example
+
+The server will then pop up a window to ask the user whether she
+really trusts this key. For this it will probably ask for a text to
+be displayed like this:
+
+@example
+ S: INQUIRE TRUSTDESC
+ C: D Do you trust the key with the fingerprint @@FPR@@
+ C: D bla fasel blurb.
+ C: END
+ S: OK
+@end example
+
+Known sequences with the pattern @@foo@@ are replaced according to this
+table:
+
+@table @code
+@item @@FPR16@@
+Format the fingerprint according to gpg rules for a v3 keys.
+@item @@FPR20@@
+Format the fingerprint according to gpg rules for a v4 keys.
+@item @@FPR@@
+Choose an appropriate format to format the fingerprint.
+@item @@@@
+Replaced by a single @code{@@}
+@end table
+
+@node Agent GET_PASSPHRASE
+@subsection Ask for a passphrase
+
+This function is usually used to ask for a passphrase to be used for
+conventional encryption, but may also be used by programs which need
+special handling of passphrases. This command uses a syntax which helps
+clients to use the agent with minimum effort.
+
+@example
+ GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] @var{cache_id} [@var{error_message} @var{prompt} @var{description}]
+@end example
+
+@var{cache_id} is expected to be a string used to identify a cached
+passphrase. Use a @code{X} to bypass the cache. With no other
+arguments the agent returns a cached passphrase or an error. By
+convention either the hexified fingerprint of the key shall be used for
+@var{cache_id} or an arbitrary string prefixed with the name of the
+calling application and a colon: Like @code{gpg:somestring}.
+
+@var{error_message} is either a single @code{X} for no error message or
+a string to be shown as an error message like (e.g. "invalid
+passphrase"). Blanks must be percent escaped or replaced by @code{+}'.
+
+@var{prompt} is either a single @code{X} for a default prompt or the
+text to be shown as the prompt. Blanks must be percent escaped or
+replaced by @code{+}.
+
+@var{description} is a text shown above the entry field. Blanks must be
+percent escaped or replaced by @code{+}.
+
+The agent either returns with an error or with a OK followed by the hex
+encoded passphrase. Note that the length of the strings is implicitly
+limited by the maximum length of a command. If the option
+@option{--data} is used, the passphrase is not returned on the OK line
+but by regular data lines; this is the preferred method.
+
+If the option @option{--check} is used, the standard passphrase
+constraints checks are applied. A check is not done if the passphrase
+has been found in the cache.
+
+If the option @option{--no-ask} is used and the passphrase is not in the
+cache the user will not be asked to enter a passphrase but the error
+code @code{GPG_ERR_NO_DATA} is returned.
+
+If the option @option{--qualitybar} is used and a minimum passphrase
+length has been configured, a visual indication of the entered
+passphrase quality is shown.
+
+@example
+ CLEAR_PASSPHRASE @var{cache_id}
+@end example
+
+may be used to invalidate the cache entry for a passphrase. The
+function returns with OK even when there is no cached passphrase.
+
+
+@node Agent GET_CONFIRMATION
+@subsection Ask for confirmation
+
+This command may be used to ask for a simple confirmation by
+presenting a text and 2 buttons: Okay and Cancel.
+
+@example
+ GET_CONFIRMATION @var{description}
+@end example
+
+@var{description}is displayed along with a Okay and Cancel
+button. Blanks must be percent escaped or replaced by @code{+}. A
+@code{X} may be used to display confirmation dialog with a default
+text.
+
+The agent either returns with an error or with a OK. Note, that the
+length of @var{description} is implicitly limited by the maximum
+length of a command.
+
+
+
+@node Agent HAVEKEY
+@subsection Check whether a key is available
+
+This can be used to see whether a secret key is available. It does
+not return any information on whether the key is somehow protected.
+
+@example
+ HAVEKEY @var{keygrips}
+@end example
+
+The agent answers either with OK or @code{No_Secret_Key} (208). The
+caller may want to check for other error codes as well. More than one
+keygrip may be given. In this case the command returns success if at
+least one of the keygrips corresponds to an available secret key.
+
+
+@node Agent LEARN
+@subsection Register a smartcard
+
+@example
+ LEARN [--send]
+@end example
+
+This command is used to register a smartcard. With the --send
+option given the certificates are send back.
+
+
+@node Agent PASSWD
+@subsection Change a Passphrase
+
+@example
+ PASSWD @var{keygrip}
+@end example
+
+This command is used to interactively change the passphrase of the key
+identified by the hex string @var{keygrip}.
+
+
+@node Agent UPDATESTARTUPTTY
+@subsection Change the standard display
+
+@example
+ UPDATESTARTUPTTY
+@end example
+
+Set the startup TTY and X-DISPLAY variables to the values of this
+session. This command is useful to direct future pinentry invocations
+to another screen. It is only required because there is no way in the
+ssh-agent protocol to convey this information.
+
+
+@node Agent GETEVENTCOUNTER
+@subsection Get the Event Counters
+
+@example
+ GETEVENTCOUNTER
+@end example
+
+This function return one status line with the current values of the
+event counters. The event counters are useful to avoid polling by
+delaying a poll until something has changed. The values are decimal
+numbers in the range @code{0} to @code{UINT_MAX} and wrapping around to
+0. The actual values should not be relied upon; they shall only be used
+to detect a change.
+
+The currently defined counters are are:
+@table @code
+@item ANY
+Incremented with any change of any of the other counters.
+@item KEY
+Incremented for added or removed private keys.
+@item CARD
+Incremented for changes of the card readers stati.
+@end table
+
+@node Agent GETINFO
+@subsection Return information about the process
+
+This is a multipurpose function to return a variety of information.
+
+@example
+GETINFO @var{what}
+@end example
+
+The value of @var{what} specifies the kind of information returned:
+@table @code
+@item version
+Return the version of the program.
+@item pid
+Return the process id of the process.
+@item socket_name
+Return the name of the socket used to connect the agent.
+@item ssh_socket_name
+Return the name of the socket used for SSH connections. If SSH support
+has not been enabled the error @code{GPG_ERR_NO_DATA} will be returned.
+@end table
+
+@node Agent OPTION
+@subsection Set options for the session
+
+Here is a list of session options which are not yet described with
+other commands. The general syntax for an Assuan option is:
+
+@smallexample
+OPTION @var{key}=@var{value}
+@end smallexample
+
+@noindent
+Supported @var{key}s are:
+
+@table @code
+@item agent-awareness
+This may be used to tell gpg-agent of which gpg-agent version the
+client is aware of. gpg-agent uses this information to enable
+features which might break older clients.
+
+@item putenv
+Change the session's environment to be used for the
+Pinentry. Valid values are:
+
+ @table @code
+ @item @var{name}
+ Delete envvar @var{name}
+ @item @var{name}=
+ Set envvar @var{name} to the empty string
+ @item @var{name}=@var{value}
+ Set envvar @var{name} to the string @var{value}.
+ @end table
+
+@item use-cache-for-signing
+See Assuan command @code{PKSIGN}.
+
+@item allow-pinentry-notify
+This does not need any value. It is used to enable the
+PINENTRY_LAUNCHED inquiry.
+
+@ifset gpgtwoone
+@item pinentry-mode
+This option is used to change the operation mode of the pinentry. The
+following values are defined:
+
+ @table @code
+ @item ask
+ This is the default mode which pops up a pinentry as needed.
+
+ @item cancel
+ Instead of popping up a pinentry, return the error code
+ @code{GPG_ERR_CANCELED}.
+
+ @item error
+ Instead of popping up a pinentry, return the error code
+ @code{GPG_ERR_NO_PIN_ENTRY}.
+
+ @item loopback
+ Use a loopback pinentry. This fakes a pinentry by using inquiries
+ back to the caller to ask for a passphrase. This option may only be
+ set if the agent has been configured for that.
+ Use the @xref{option --allow-loopback-pinentry}.
+
+ @end table
+@end ifset
+
+@ifset gpgtwoone
+@item cache-ttl-opt-preset
+This option sets the cache TTL for new entries created by GENKEY and
+PASSWD commands when using the @option{--preset} option. It it is not
+used a default value is used.
+@end ifset
+
+@ifset gpgtwoone
+@item s2k-count
+Instead of using the standard S2K count (which is computed on the
+fly), the given S2K count is used for new keys or when changing the
+passphrase of a key. Values below 65536 are considered to be 0. This
+option is valid for the entire session or until reset to 0. This
+option is useful if the key is later used on boxes which are either
+much slower or faster than the actual box.
+@end ifset
+
+@end table
+
+
+@mansect see also
+@ifset isman
+@command{gpg2}(1),
+@command{gpgsm}(1),
+@command{gpg-connect-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpg.texi b/doc/gpg.texi
new file mode 100644
index 0000000..420326b
--- /dev/null
+++ b/doc/gpg.texi
@@ -0,0 +1,3394 @@
+@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+@c 2008, 2009, 2010 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@c Note that we use this texinfo file for all versions of GnuPG: 1.4.x,
+@c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid
+@c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only
+@c valid for GnupG 2.1 and later.
+
+@node Invoking GPG
+@chapter Invoking GPG
+@cindex GPG command options
+@cindex command options
+@cindex options, GPG command
+
+@c Begin GnuPG 1.x specific stuff
+@ifset gpgone
+@macro gpgname
+gpg
+@end macro
+@manpage gpg.1
+@ifset manverb
+.B gpg
+\- OpenPGP encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+@end ifset
+@c End GnuPG 1.x specific stuff
+
+@c Begin GnuPG 2 specific stuff
+@ifclear gpgone
+@macro gpgname
+gpg2
+@end macro
+@manpage gpg2.1
+@ifset manverb
+.B gpg2
+\- OpenPGP encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg2
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+@end ifclear
+@c Begin GnuPG 2 specific stuff
+
+@mansect description
+@command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
+is a tool to provide digital encryption and signing services using the
+OpenPGP standard. @command{@gpgname} features complete key management and
+all bells and whistles you can expect from a decent OpenPGP
+implementation.
+
+@ifset gpgone
+This is the standalone version of @command{gpg}. For desktop use you
+should consider using @command{gpg2} @footnote{On some platforms gpg2 is
+installed under the name @command{gpg}}.
+@end ifset
+
+@ifclear gpgone
+In contrast to the standalone version @command{gpg}, which is more
+suited for server and embedded platforms, this version is commonly
+installed under the name @command{gpg2} and more targeted to the desktop
+as it requires several other modules to be installed. The standalone
+version will be kept maintained and it is possible to install both
+versions on the same system. If you need to use different configuration
+files, you should make use of something like @file{gpg.conf-2} instead
+of just @file{gpg.conf}.
+@end ifclear
+
+@manpause
+@ifclear gpgone
+Documentation for the old standard @command{gpg} is available as a man
+page and at @inforef{Top,GnuPG 1,gpg}.
+@end ifclear
+
+@xref{Option Index}, for an index to @command{@gpgname}'s commands and options.
+@mancont
+
+@menu
+* GPG Commands:: List of all commands.
+* GPG Options:: List of all options.
+* GPG Configuration:: Configuration files.
+* GPG Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage of GPG:: Using @command{gpg} from other programs.
+@end menu
+
+@c * GPG Protocol:: The protocol the server mode uses.
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** COMMANDS ****************
+@c *************** ****************
+@c *******************************************
+@mansect commands
+@node GPG Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@command{@gpgname} may be run with no commands, in which case it will
+perform a reasonable action depending on the type of file it is given
+as input (an encrypted message is decrypted, a signature is verified,
+a file containing keys is listed).
+
+Please remember that option as well as command parsing stops as soon as
+a non-option is encountered, you can explicitly stop parsing by
+using the special option @option{--}.
+
+
+@menu
+* General GPG Commands:: Commands not specific to the functionality.
+* Operational GPG Commands:: Commands to select the type of operation.
+* OpenPGP Key Management:: How to manage your keys.
+@end menu
+
+
+@c *******************************************
+@c ********** GENERAL COMMANDS *************
+@c *******************************************
+@node General GPG Commands
+@subsection Commands not specific to the function
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you
+cannot abbreviate this command.
+
+@item --help
+@itemx -h
+@opindex help
+Print a usage message summarizing the most useful command line options.
+Note that you cannot abbreviate this command.
+
+@item --warranty
+@opindex warranty
+Print warranty information.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+@end table
+
+
+@c *******************************************
+@c ******** OPERATIONAL COMMANDS ***********
+@c *******************************************
+@node Operational GPG Commands
+@subsection Commands to select the type of operation
+
+
+@table @gnupgtabopt
+
+@item --sign
+@itemx -s
+@opindex sign
+Make a signature. This command may be combined with @option{--encrypt}
+(for a signed and encrypted message), @option{--symmetric} (for a
+signed and symmetrically encrypted message), or @option{--encrypt} and
+@option{--symmetric} together (for a signed message that may be
+decrypted via a secret key or a passphrase). The key to be used for
+signing is chosen by default or can be set with the
+@option{--local-user} and @option{--default-key} options.
+
+@item --clearsign
+@opindex clearsign
+Make a clear text signature. The content in a clear text signature is
+readable without any special software. OpenPGP software is only needed
+to verify the signature. Clear text signatures may modify end-of-line
+whitespace for platform independence and are not intended to be
+reversible. The key to be used for signing is chosen by default or
+can be set with the @option{--local-user} and @option{--default-key}
+options.
+
+
+@item --detach-sign
+@itemx -b
+@opindex detach-sign
+Make a detached signature.
+
+@item --encrypt
+@itemx -e
+@opindex encrypt
+Encrypt data. This option may be combined with @option{--sign} (for a
+signed and encrypted message), @option{--symmetric} (for a message that
+may be decrypted via a secret key or a passphrase), or @option{--sign}
+and @option{--symmetric} together (for a signed message that may be
+decrypted via a secret key or a passphrase).
+
+@item --symmetric
+@itemx -c
+@opindex symmetric
+Encrypt with a symmetric cipher using a passphrase. The default
+symmetric cipher used is CAST5, but may be chosen with the
+@option{--cipher-algo} option. This option may be combined with
+@option{--sign} (for a signed and symmetrically encrypted message),
+@option{--encrypt} (for a message that may be decrypted via a secret key
+or a passphrase), or @option{--sign} and @option{--encrypt} together
+(for a signed message that may be decrypted via a secret key or a
+passphrase).
+
+@item --store
+@opindex store
+Store only (make a simple RFC1991 literal data packet).
+
+@item --decrypt
+@itemx -d
+@opindex decrypt
+Decrypt the file given on the command line (or STDIN if no file
+is specified) and write it to STDOUT (or the file specified with
+@option{--output}). If the decrypted file is signed, the signature is also
+verified. This command differs from the default operation, as it never
+writes to the filename which is included in the file and it rejects
+files which don't begin with an encrypted message.
+
+@item --verify
+@opindex verify
+Assume that the first argument is a signed file or a detached signature
+and verify it without generating any output. With no arguments, the
+signature packet is read from STDIN. If only a sigfile is given, it may
+be a complete signature or a detached signature, in which case the
+signed stuff is expected in a file without the ".sig" or ".asc"
+extension. With more than 1 argument, the first should be a detached
+signature and the remaining files are the signed stuff. To read the
+signed stuff from STDIN, use @samp{-} as the second filename. For
+security reasons a detached signature cannot read the signed material
+from STDIN without denoting it in the above way.
+
+@item --multifile
+@opindex multifile
+This modifies certain other commands to accept multiple files for
+processing on the command line or read from STDIN with each filename on
+a separate line. This allows for many files to be processed at
+once. @option{--multifile} may currently be used along with
+@option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
+@option{--multifile --verify} may not be used with detached signatures.
+
+@item --verify-files
+@opindex verify-files
+Identical to @option{--multifile --verify}.
+
+@item --encrypt-files
+@opindex encrypt-files
+Identical to @option{--multifile --encrypt}.
+
+@item --decrypt-files
+@opindex decrypt-files
+Identical to @option{--multifile --decrypt}.
+
+@item --list-keys
+@itemx -k
+@itemx --list-public-keys
+@opindex list-keys
+List all keys from the public keyrings, or just the keys given on the
+command line.
+@ifset gpgone
+@option{-k} is slightly different from @option{--list-keys} in that it
+allows only for one argument and takes the second argument as the
+keyring to search. This is for command line compatibility with PGP 2
+and has been removed in @command{gpg2}.
+@end ifset
+
+Avoid using the output of this command in scripts or other programs as
+it is likely to change as GnuPG changes. See @option{--with-colons} for a
+machine-parseable key listing command that is appropriate for use in
+scripts and other programs.
+
+@item --list-secret-keys
+@itemx -K
+@opindex list-secret-keys
+List all keys from the secret keyrings, or just the ones given on the
+command line. A @code{#} after the letters @code{sec} means that the
+secret key is not usable (for example, if it was created via
+@option{--export-secret-subkeys}).
+
+@item --list-sigs
+@opindex list-sigs
+Same as @option{--list-keys}, but the signatures are listed too.
+@ifclear gpgone
+This command has the same effect as
+using @option{--list-keys} with @option{--with-sig-list}.
+@end ifclear
+
+For each signature listed, there are several flags in between the "sig"
+tag and keyid. These flags give additional information about each
+signature. From left to right, they are the numbers 1-3 for certificate
+check level (see @option{--ask-cert-level}), "L" for a local or
+non-exportable signature (see @option{--lsign-key}), "R" for a
+nonRevocable signature (see the @option{--edit-key} command "nrsign"),
+"P" for a signature that contains a policy URL (see
+@option{--cert-policy-url}), "N" for a signature that contains a
+notation (see @option{--cert-notation}), "X" for an eXpired signature
+(see @option{--ask-cert-expire}), and the numbers 1-9 or "T" for 10 and
+above to indicate trust signature levels (see the @option{--edit-key}
+command "tsign").
+
+@item --check-sigs
+@opindex check-sigs
+Same as @option{--list-sigs}, but the signatures are verified. Note
+that for performance reasons the revocation status of a signing key is
+not shown.
+@ifclear gpgone
+This command has the same effect as
+using @option{--list-keys} with @option{--with-sig-check}.
+@end ifclear
+
+The status of the verification is indicated by a flag directly following
+the "sig" tag (and thus before the flags described above for
+@option{--list-sigs}). A "!" indicates that the signature has been
+successfully verified, a "-" denotes a bad signature and a "%" is used
+if an error occurred while checking the signature (e.g. a non supported
+algorithm).
+
+@ifclear gpgone
+@item --locate-keys
+@opindex locate-keys
+Locate the keys given as arguments. This command basically uses the
+same algorithm as used when locating keys for encryption or signing and
+may thus be used to see what keys @command{@gpgname} might use. In
+particular external methods as defined by @option{--auto-key-locate} may
+be used to locate a key. Only public keys are listed.
+@end ifclear
+
+
+@item --fingerprint
+@opindex fingerprint
+List all keys (or the specified ones) along with their
+fingerprints. This is the same output as @option{--list-keys} but with
+the additional output of a line with the fingerprint. May also be
+combined with @option{--list-sigs} or @option{--check-sigs}. If this
+command is given twice, the fingerprints of all secondary keys are
+listed too.
+
+@item --list-packets
+@opindex list-packets
+List only the sequence of packets. This is mainly
+useful for debugging.
+
+
+@item --card-edit
+@opindex card-edit
+Present a menu to work with a smartcard. The subcommand "help" provides
+an overview on available commands. For a detailed description, please
+see the Card HOWTO at
+http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
+
+@item --card-status
+@opindex card-status
+Show the content of the smart card.
+
+@item --change-pin
+@opindex change-pin
+Present a menu to allow changing the PIN of a smartcard. This
+functionality is also available as the subcommand "passwd" with the
+@option{--card-edit} command.
+
+@item --delete-key @code{name}
+@opindex delete-key
+Remove key from the public keyring. In batch mode either @option{--yes} is
+required or the key must be specified by fingerprint. This is a
+safeguard against accidental deletion of multiple keys.
+
+@item --delete-secret-key @code{name}
+@opindex delete-secret-key
+Remove key from the secret and public keyring. In batch mode the key
+must be specified by fingerprint.
+
+@item --delete-secret-and-public-key @code{name}
+@opindex delete-secret-and-public-key
+Same as @option{--delete-key}, but if a secret key exists, it will be
+removed first. In batch mode the key must be specified by fingerprint.
+
+@item --export
+@opindex export
+Either export all keys from all keyrings (default keyrings and those
+registered via option @option{--keyring}), or if at least one name is given,
+those of the given name. The new keyring is written to STDOUT or to the
+file given with option @option{--output}. Use together with
+@option{--armor} to mail those keys.
+
+@item --send-keys @code{key IDs}
+@opindex send-keys
+Similar to @option{--export} but sends the keys to a keyserver.
+Fingerprints may be used instead of key IDs. Option @option{--keyserver}
+must be used to give the name of this keyserver. Don't send your
+complete keyring to a keyserver --- select only those keys which are new
+or changed by you. If no key IDs are given, @command{gpg} does nothing.
+
+@item --export-secret-keys
+@itemx --export-secret-subkeys
+@opindex export-secret-keys
+@opindex export-secret-subkeys
+Same as @option{--export}, but exports the secret keys instead. This is
+normally not very useful and a security risk. The second form of the
+command has the special property to render the secret part of the
+primary key useless; this is a GNU extension to OpenPGP and other
+implementations can not be expected to successfully import such a key.
+@ifclear gpgtwoone
+See the option @option{--simple-sk-checksum} if you want to import such
+an exported key with an older OpenPGP implementation.
+@end ifclear
+
+@item --import
+@itemx --fast-import
+@opindex import
+Import/merge keys. This adds the given keys to the
+keyring. The fast version is currently just a synonym.
+
+There are a few other options which control how this command works.
+Most notable here is the @option{--import-options merge-only} option
+which does not insert new keys but does only the merging of new
+signatures, user-IDs and subkeys.
+
+@item --recv-keys @code{key IDs}
+@opindex recv-keys
+Import the keys with the given key IDs from a keyserver. Option
+@option{--keyserver} must be used to give the name of this keyserver.
+
+@item --refresh-keys
+@opindex refresh-keys
+Request updates from a keyserver for keys that already exist on the
+local keyring. This is useful for updating a key with the latest
+signatures, user IDs, etc. Calling this with no arguments will refresh
+the entire keyring. Option @option{--keyserver} must be used to give the
+name of the keyserver for all keys that do not have preferred keyservers
+set (see @option{--keyserver-options honor-keyserver-url}).
+
+@item --search-keys @code{names}
+@opindex search-keys
+Search the keyserver for the given names. Multiple names given here will
+be joined together to create the search string for the keyserver.
+Option @option{--keyserver} must be used to give the name of this
+keyserver. Keyservers that support different search methods allow using
+the syntax specified in "How to specify a user ID" below. Note that
+different keyserver types support different search methods. Currently
+only LDAP supports them all.
+
+@item --fetch-keys @code{URIs}
+@opindex fetch-keys
+Retrieve keys located at the specified URIs. Note that different
+installations of GnuPG may support different protocols (HTTP, FTP,
+LDAP, etc.)
+
+@item --update-trustdb
+@opindex update-trustdb
+Do trust database maintenance. This command iterates over all keys and
+builds the Web of Trust. This is an interactive command because it may
+have to ask for the "ownertrust" values for keys. The user has to give
+an estimation of how far she trusts the owner of the displayed key to
+correctly certify (sign) other keys. GnuPG only asks for the ownertrust
+value if it has not yet been assigned to a key. Using the
+@option{--edit-key} menu, the assigned value can be changed at any time.
+
+@item --check-trustdb
+@opindex check-trustdb
+Do trust database maintenance without user interaction. From time to
+time the trust database must be updated so that expired keys or
+signatures and the resulting changes in the Web of Trust can be
+tracked. Normally, GnuPG will calculate when this is required and do it
+automatically unless @option{--no-auto-check-trustdb} is set. This
+command can be used to force a trust database check at any time. The
+processing is identical to that of @option{--update-trustdb} but it
+skips keys with a not yet defined "ownertrust".
+
+For use with cron jobs, this command can be used together with
+@option{--batch} in which case the trust database check is done only if
+a check is needed. To force a run even in batch mode add the option
+@option{--yes}.
+
+@anchor{option --export-ownertrust}
+@item --export-ownertrust
+@opindex export-ownertrust
+Send the ownertrust values to STDOUT. This is useful for backup purposes
+as these values are the only ones which can't be re-created from a
+corrupted trustdb. Example:
+@c man:.RS
+@example
+ @gpgname{} --export-ownertrust > otrust.txt
+@end example
+@c man:.RE
+
+
+@item --import-ownertrust
+@opindex import-ownertrust
+Update the trustdb with the ownertrust values stored in @code{files} (or
+STDIN if not given); existing values will be overwritten. In case of a
+severely damaged trustdb and if you have a recent backup of the
+ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
+the trustdb using these commands:
+@c man:.RS
+@example
+ cd ~/.gnupg
+ rm trustdb.gpg
+ @gpgname{} --import-ownertrust < otrust.txt
+@end example
+@c man:.RE
+
+
+@item --rebuild-keydb-caches
+@opindex rebuild-keydb-caches
+When updating from version 1.0.6 to 1.0.7 this command should be used
+to create signature caches in the keyring. It might be handy in other
+situations too.
+
+@item --print-md @code{algo}
+@itemx --print-mds
+@opindex print-md
+Print message digest of algorithm ALGO for all given files or STDIN.
+With the second form (or a deprecated "*" as algo) digests for all
+available algorithms are printed.
+
+@item --gen-random @code{0|1|2} @code{count}
+@opindex gen-random
+Emit @var{count} random bytes of the given quality level 0, 1 or 2. If
+@var{count} is not given or zero, an endless sequence of random bytes
+will be emitted. If used with @option{--armor} the output will be
+base64 encoded. PLEASE, don't use this command unless you know what
+you are doing; it may remove precious entropy from the system!
+
+@item --gen-prime @code{mode} @code{bits}
+@opindex gen-prime
+Use the source, Luke :-). The output format is still subject to change.
+
+
+@item --enarmor
+@item --dearmor
+@opindex enarmor
+@opindex dearmor
+Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
+This is a GnuPG extension to OpenPGP and in general not very useful.
+
+@end table
+
+
+@c *******************************************
+@c ******* KEY MANGEMENT COMMANDS **********
+@c *******************************************
+@node OpenPGP Key Management
+@subsection How to manage your keys
+
+This section explains the main commands for key management
+
+@table @gnupgtabopt
+
+@item --gen-key
+@opindex gen-key
+Generate a new key pair. This command is normally only used
+interactively.
+
+There is an experimental feature which allows you to create keys in
+batch mode. See the file @file{doc/DETAILS} in the source distribution
+on how to use this.
+
+@item --gen-revoke @code{name}
+@opindex gen-revoke
+Generate a revocation certificate for the complete key. To revoke
+a subkey or a signature, use the @option{--edit} command.
+
+@item --desig-revoke @code{name}
+@opindex desig-revoke
+Generate a designated revocation certificate for a key. This allows a
+user (with the permission of the keyholder) to revoke someone else's
+key.
+
+
+@item --edit-key
+@opindex edit-key
+Present a menu which enables you to do most of the key management
+related tasks. It expects the specification of a key on the command
+line.
+
+@c ******** Begin Edit-key Options **********
+@table @asis
+
+ @item uid @code{n}
+ @opindex keyedit:uid
+ Toggle selection of user ID or photographic user ID with index @code{n}.
+ Use @code{*} to select all and @code{0} to deselect all.
+
+ @item key @code{n}
+ @opindex keyedit:key
+ Toggle selection of subkey with index @code{n}.
+ Use @code{*} to select all and @code{0} to deselect all.
+
+ @item sign
+ @opindex keyedit:sign
+ Make a signature on key of user @code{name} If the key is not yet
+ signed by the default user (or the users given with -u), the program
+ displays the information of the key again, together with its
+ fingerprint and asks whether it should be signed. This question is
+ repeated for all users specified with
+ -u.
+
+ @item lsign
+ @opindex keyedit:lsign
+ Same as "sign" but the signature is marked as non-exportable and will
+ therefore never be used by others. This may be used to make keys
+ valid only in the local environment.
+
+ @item nrsign
+ @opindex keyedit:nrsign
+ Same as "sign" but the signature is marked as non-revocable and can
+ therefore never be revoked.
+
+ @item tsign
+ @opindex keyedit:tsign
+ Make a trust signature. This is a signature that combines the notions
+ of certification (like a regular signature), and trust (like the
+ "trust" command). It is generally only useful in distinct communities
+ or groups.
+@end table
+
+@c man:.RS
+Note that "l" (for local / non-exportable), "nr" (for non-revocable,
+and "t" (for trust) may be freely mixed and prefixed to "sign" to
+create a signature of any type desired.
+@c man:.RE
+
+@table @asis
+
+ @item delsig
+ @opindex keyedit:delsig
+ Delete a signature. Note that it is not possible to retract a signature,
+ once it has been send to the public (i.e. to a keyserver). In that case
+ you better use @code{revsig}.
+
+ @item revsig
+ @opindex keyedit:revsig
+ Revoke a signature. For every signature which has been generated by
+ one of the secret keys, GnuPG asks whether a revocation certificate
+ should be generated.
+
+ @item check
+ @opindex keyedit:check
+ Check the signatures on all selected user IDs.
+
+ @item adduid
+ @opindex keyedit:adduid
+ Create an additional user ID.
+
+ @item addphoto
+ @opindex keyedit:addphoto
+ Create a photographic user ID. This will prompt for a JPEG file that
+ will be embedded into the user ID. Note that a very large JPEG will make
+ for a very large key. Also note that some programs will display your
+ JPEG unchanged (GnuPG), and some programs will scale it to fit in a
+ dialog box (PGP).
+
+ @item showphoto
+ @opindex keyedit:showphoto
+ Display the selected photographic user ID.
+
+ @item deluid
+ @opindex keyedit:deluid
+ Delete a user ID or photographic user ID. Note that it is not
+ possible to retract a user id, once it has been send to the public
+ (i.e. to a keyserver). In that case you better use @code{revuid}.
+
+ @item revuid
+ @opindex keyedit:revuid
+ Revoke a user ID or photographic user ID.
+
+ @item primary
+ @opindex keyedit:primary
+ Flag the current user id as the primary one, removes the primary user
+ id flag from all other user ids and sets the timestamp of all affected
+ self-signatures one second ahead. Note that setting a photo user ID
+ as primary makes it primary over other photo user IDs, and setting a
+ regular user ID as primary makes it primary over other regular user
+ IDs.
+
+ @item keyserver
+ @opindex keyedit:keyserver
+ Set a preferred keyserver for the specified user ID(s). This allows
+ other users to know where you prefer they get your key from. See
+ @option{--keyserver-options honor-keyserver-url} for more on how this
+ works. Setting a value of "none" removes an existing preferred
+ keyserver.
+
+ @item notation
+ @opindex keyedit:notation
+ Set a name=value notation for the specified user ID(s). See
+ @option{--cert-notation} for more on how this works. Setting a value of
+ "none" removes all notations, setting a notation prefixed with a minus
+ sign (-) removes that notation, and setting a notation name (without the
+ =value) prefixed with a minus sign removes all notations with that name.
+
+ @item pref
+ @opindex keyedit:pref
+ List preferences from the selected user ID. This shows the actual
+ preferences, without including any implied preferences.
+
+ @item showpref
+ @opindex keyedit:showpref
+ More verbose preferences listing for the selected user ID. This shows
+ the preferences in effect by including the implied preferences of 3DES
+ (cipher), SHA-1 (digest), and Uncompressed (compression) if they are
+ not already included in the preference list. In addition, the
+ preferred keyserver and signature notations (if any) are shown.
+
+ @item setpref @code{string}
+ @opindex keyedit:setpref
+ Set the list of user ID preferences to @code{string} for all (or just
+ the selected) user IDs. Calling setpref with no arguments sets the
+ preference list to the default (either built-in or set via
+ @option{--default-preference-list}), and calling setpref with "none"
+ as the argument sets an empty preference list. Use @command{@gpgname
+ --version} to get a list of available algorithms. Note that while you
+ can change the preferences on an attribute user ID (aka "photo ID"),
+ GnuPG does not select keys via attribute user IDs so these preferences
+ will not be used by GnuPG.
+
+ When setting preferences, you should list the algorithms in the order
+ which you'd like to see them used by someone else when encrypting a
+ message to your key. If you don't include 3DES, it will be
+ automatically added at the end. Note that there are many factors that
+ go into choosing an algorithm (for example, your key may not be the
+ only recipient), and so the remote OpenPGP application being used to
+ send to you may or may not follow your exact chosen order for a given
+ message. It will, however, only choose an algorithm that is present
+ on the preference list of every recipient key. See also the
+ INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
+
+ @item addkey
+ @opindex keyedit:addkey
+ Add a subkey to this key.
+
+ @item addcardkey
+ @opindex keyedit:addcardkey
+ Generate a subkey on a card and add it to this key.
+
+ @item keytocard
+ @opindex keyedit:keytocard
+ Transfer the selected secret subkey (or the primary key if no subkey
+ has been selected) to a smartcard. The secret key in the keyring will
+ be replaced by a stub if the key could be stored successfully on the
+ card and you use the save command later. Only certain key types may be
+ transferred to the card. A sub menu allows you to select on what card
+ to store the key. Note that it is not possible to get that key back
+ from the card - if the card gets broken your secret key will be lost
+ unless you have a backup somewhere.
+
+ @item bkuptocard @code{file}
+ @opindex keyedit:bkuptocard
+ Restore the given file to a card. This command may be used to restore a
+ backup key (as generated during card initialization) to a new card. In
+ almost all cases this will be the encryption key. You should use this
+ command only with the corresponding public key and make sure that the
+ file given as argument is indeed the backup to restore. You should then
+ select 2 to restore as encryption key. You will first be asked to enter
+ the passphrase of the backup key and then for the Admin PIN of the card.
+
+ @item delkey
+ @opindex keyedit:delkey
+ Remove a subkey (secondart key). Note that it is not possible to retract
+ a subkey, once it has been send to the public (i.e. to a keyserver). In
+ that case you better use @code{revkey}.
+
+ @item revkey
+ @opindex keyedit:revkey
+ Revoke a subkey.
+
+ @item expire
+ @opindex keyedit:expire
+ Change the key or subkey expiration time. If a subkey is selected, the
+ expiration time of this subkey will be changed. With no selection, the
+ key expiration of the primary key is changed.
+
+ @item trust
+ @opindex keyedit:trust
+ Change the owner trust value for the key. This updates the trust-db
+ immediately and no save is required.
+
+ @item disable
+ @itemx enable
+ @opindex keyedit:disable
+ @opindex keyedit:enable
+ Disable or enable an entire key. A disabled key can not normally be
+ used for encryption.
+
+ @item addrevoker
+ @opindex keyedit:addrevoker
+ Add a designated revoker to the key. This takes one optional argument:
+ "sensitive". If a designated revoker is marked as sensitive, it will
+ not be exported by default (see export-options).
+
+ @item passwd
+ @opindex keyedit:passwd
+ Change the passphrase of the secret key.
+
+ @item toggle
+ @opindex keyedit:toggle
+ Toggle between public and secret key listing.
+
+ @item clean
+ @opindex keyedit:clean
+ Compact (by removing all signatures except the selfsig) any user ID
+ that is no longer usable (e.g. revoked, or expired). Then, remove any
+ signatures that are not usable by the trust calculations.
+ Specifically, this removes any signature that does not validate, any
+ signature that is superseded by a later signature, revoked signatures,
+ and signatures issued by keys that are not present on the keyring.
+
+ @item minimize
+ @opindex keyedit:minimize
+ Make the key as small as possible. This removes all signatures from
+ each user ID except for the most recent self-signature.
+
+ @item cross-certify
+ @opindex keyedit:cross-certify
+ Add cross-certification signatures to signing subkeys that may not
+ currently have them. Cross-certification signatures protect against a
+ subtle attack against signing subkeys. See
+ @option{--require-cross-certification}. All new keys generated have
+ this signature by default, so this option is only useful to bring
+ older keys up to date.
+
+ @item save
+ @opindex keyedit:save
+ Save all changes to the key rings and quit.
+
+ @item quit
+ @opindex keyedit:quit
+ Quit the program without updating the
+ key rings.
+@end table
+
+@c man:.RS
+The listing shows you the key with its secondary keys and all user
+ids. The primary user id is indicated by a dot, and selected keys or
+user ids are indicated by an asterisk. The trust
+value is displayed with the primary key: the first is the assigned owner
+trust and the second is the calculated trust value. Letters are used for
+the values:
+@c man:.RE
+
+@table @asis
+
+ @item -
+ No ownertrust assigned / not yet calculated.
+
+ @item e
+ Trust
+ calculation has failed; probably due to an expired key.
+
+ @item q
+ Not enough information for calculation.
+
+ @item n
+ Never trust this key.
+
+ @item m
+ Marginally trusted.
+
+ @item f
+ Fully trusted.
+
+ @item u
+ Ultimately trusted.
+
+@end table
+@c ******** End Edit-key Options **********
+
+@item --sign-key @code{name}
+@opindex sign-key
+Signs a public key with your secret key. This is a shortcut version of
+the subcommand "sign" from @option{--edit}.
+
+@item --lsign-key @code{name}
+@opindex lsign-key
+Signs a public key with your secret key but marks it as
+non-exportable. This is a shortcut version of the subcommand "lsign"
+from @option{--edit-key}.
+
+@ifclear gpgone
+@item --passwd @var{user_id}
+@opindex passwd
+Change the passphrase of the secret key belonging to the certificate
+specified as @var{user_id}. This is a shortcut for the sub-command
+@code{passwd} of the edit key menu.
+@end ifclear
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** OPTIONS ****************
+@c *************** ****************
+@c *******************************************
+@mansect options
+@node GPG Options
+@section Option Summary
+
+@command{@gpgname} features a bunch of options to control the exact
+behaviour and to change the default configuration.
+
+@menu
+* GPG Configuration Options:: How to change the configuration.
+* GPG Key related Options:: Key related options.
+* GPG Input and Output:: Input and Output.
+* OpenPGP Options:: OpenPGP protocol specific options.
+* GPG Esoteric Options:: Doing things one usually don't want to do.
+@end menu
+
+Long options can be put in an options file (default
+"~/.gnupg/gpg.conf"). Short option names will not work - for example,
+"armor" is a valid option for the options file, while "a" is not. Do not
+write the 2 dashes, but simply the name of the option and any required
+arguments. Lines with a hash ('#') as the first non-white-space
+character are ignored. Commands may be put in this file too, but that is
+not generally useful as the command will execute automatically with
+every execution of gpg.
+
+Please remember that option parsing stops as soon as a non-option is
+encountered, you can explicitly stop parsing by using the special option
+@option{--}.
+
+@c *******************************************
+@c ******** CONFIGURATION OPTIONS **********
+@c *******************************************
+@node GPG Configuration Options
+@subsection How to change the configuration
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+@table @gnupgtabopt
+
+@item --default-key @var{name}
+@opindex default-key
+Use @var{name} as the default key to sign with. If this option is not
+used, the default key is the first key found in the secret keyring.
+Note that @option{-u} or @option{--local-user} overrides this option.
+
+@item --default-recipient @var{name}
+@opindex default-recipient
+Use @var{name} as default recipient if option @option{--recipient} is
+not used and don't ask if this is a valid one. @var{name} must be
+non-empty.
+
+@item --default-recipient-self
+@opindex default-recipient-self
+Use the default key as default recipient if option @option{--recipient} is not
+used and don't ask if this is a valid one. The default key is the first
+one from the secret keyring or the one set with @option{--default-key}.
+
+@item --no-default-recipient
+@opindex no-default-recipient
+Reset @option{--default-recipient} and @option{--default-recipient-self}.
+
+@item -v, --verbose
+@opindex verbose
+Give more information during processing. If used
+twice, the input data is listed in detail.
+
+@item --no-verbose
+@opindex no-verbose
+Reset verbose level to 0.
+
+@item -q, --quiet
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --batch
+@itemx --no-batch
+@opindex batch
+@opindex no-batch
+Use batch mode. Never ask, do not allow interactive commands.
+@option{--no-batch} disables this option. Note that even with a
+filename given on the command line, gpg might still need to read from
+STDIN (in particular if gpg figures that the input is a
+detached signature and no data file has been specified). Thus if you
+do not want to feed data via STDIN, you should connect STDIN to
+@file{/dev/null}.
+
+@item --no-tty
+@opindex no-tty
+Make sure that the TTY (terminal) is never used for any output.
+This option is needed in some cases because GnuPG sometimes prints
+warnings to the TTY even if @option{--batch} is used.
+
+@item --yes
+@opindex yes
+Assume "yes" on most questions.
+
+@item --no
+@opindex no
+Assume "no" on most questions.
+
+
+@item --list-options @code{parameters}
+@opindex list-options
+This is a space or comma delimited string that gives options used when
+listing keys and signatures (that is, @option{--list-keys},
+@option{--list-sigs}, @option{--list-public-keys},
+@option{--list-secret-keys}, and the @option{--edit-key} functions).
+Options can be prepended with a @option{no-} (after the two dashes) to
+give the opposite meaning. The options are:
+
+@table @asis
+
+ @item show-photos
+ @opindex list-options:show-photos
+ Causes @option{--list-keys}, @option{--list-sigs},
+ @option{--list-public-keys}, and @option{--list-secret-keys} to
+ display any photo IDs attached to the key. Defaults to no. See also
+ @option{--photo-viewer}. Does not work with @option{--with-colons}:
+ see @option{--attribute-fd} for the appropriate way to get photo data
+ for scripts and other frontends.
+
+ @item show-policy-urls
+ @opindex list-options:show-policy-urls
+ Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
+ listings. Defaults to no.
+
+ @item show-notations
+ @itemx show-std-notations
+ @itemx show-user-notations
+ @opindex list-options:show-notations
+ @opindex list-options:show-std-notations
+ @opindex list-options:show-user-notations
+ Show all, IETF standard, or user-defined signature notations in the
+ @option{--list-sigs} or @option{--check-sigs} listings. Defaults to no.
+
+ @item show-keyserver-urls
+ @opindex list-options:show-keyserver-urls
+ Show any preferred keyserver URL in the @option{--list-sigs} or
+ @option{--check-sigs} listings. Defaults to no.
+
+ @item show-uid-validity
+ @opindex list-options:show-uid-validity
+ Display the calculated validity of user IDs during key listings.
+ Defaults to no.
+
+ @item show-unusable-uids
+ @opindex list-options:show-unusable-uids
+ Show revoked and expired user IDs in key listings. Defaults to no.
+
+ @item show-unusable-subkeys
+ @opindex list-options:show-unusable-subkeys
+ Show revoked and expired subkeys in key listings. Defaults to no.
+
+ @item show-keyring
+ @opindex list-options:show-keyring
+ Display the keyring name at the head of key listings to show which
+ keyring a given key resides on. Defaults to no.
+
+ @item show-sig-expire
+ @opindex list-options:show-sig-expire
+ Show signature expiration dates (if any) during @option{--list-sigs} or
+ @option{--check-sigs} listings. Defaults to no.
+
+ @item show-sig-subpackets
+ @opindex list-options:show-sig-subpackets
+ Include signature subpackets in the key listing. This option can take an
+ optional argument list of the subpackets to list. If no argument is
+ passed, list all subpackets. Defaults to no. This option is only
+ meaningful when using @option{--with-colons} along with
+ @option{--list-sigs} or @option{--check-sigs}.
+
+@end table
+
+@item --verify-options @code{parameters}
+@opindex verify-options
+This is a space or comma delimited string that gives options used when
+verifying signatures. Options can be prepended with a `no-' to give
+the opposite meaning. The options are:
+
+@table @asis
+
+ @item show-photos
+ @opindex verify-options:show-photos
+ Display any photo IDs present on the key that issued the signature.
+ Defaults to no. See also @option{--photo-viewer}.
+
+ @item show-policy-urls
+ @opindex verify-options:show-policy-urls
+ Show policy URLs in the signature being verified. Defaults to no.
+
+ @item show-notations
+ @itemx show-std-notations
+ @itemx show-user-notations
+ @opindex verify-options:show-notations
+ @opindex verify-options:show-std-notations
+ @opindex verify-options:show-user-notations
+ Show all, IETF standard, or user-defined signature notations in the
+ signature being verified. Defaults to IETF standard.
+
+ @item show-keyserver-urls
+ @opindex verify-options:show-keyserver-urls
+ Show any preferred keyserver URL in the signature being verified.
+ Defaults to no.
+
+ @item show-uid-validity
+ @opindex verify-options:show-uid-validity
+ Display the calculated validity of the user IDs on the key that issued
+ the signature. Defaults to no.
+
+ @item show-unusable-uids
+ @opindex verify-options:show-unusable-uids
+ Show revoked and expired user IDs during signature verification.
+ Defaults to no.
+
+ @item show-primary-uid-only
+ @opindex verify-options:show-primary-uid-only
+ Show only the primary user ID during signature verification. That is
+ all the AKA lines as well as photo Ids are not shown with the signature
+ verification status.
+
+ @item pka-lookups
+ @opindex verify-options:pka-lookups
+ Enable PKA lookups to verify sender addresses. Note that PKA is based
+ on DNS, and so enabling this option may disclose information on when
+ and what signatures are verified or to whom data is encrypted. This
+ is similar to the "web bug" described for the auto-key-retrieve
+ feature.
+
+ @item pka-trust-increase
+ @opindex verify-options:pka-trust-increase
+ Raise the trust in a signature to full if the signature passes PKA
+ validation. This option is only meaningful if pka-lookups is set.
+@end table
+
+@item --enable-dsa2
+@itemx --disable-dsa2
+@opindex enable-dsa2
+@opindex disable-dsa2
+Enable hash truncation for all DSA keys even for old DSA Keys up to
+1024 bit. This is also the default with @option{--openpgp}. Note
+that older versions of GnuPG also required this flag to allow the
+generation of DSA larger than 1024 bit.
+
+@item --photo-viewer @code{string}
+@opindex photo-viewer
+This is the command line that should be run to view a photo ID. "%i"
+will be expanded to a filename containing the photo. "%I" does the
+same, except the file will not be deleted once the viewer exits.
+Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
+for the key fingerprint, "%t" for the extension of the image type
+(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
+"%v" for the single-character calculated validity of the image being
+viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
+"full"),
+and "%%" for an actual percent sign. If neither %i or %I are present,
+then the photo will be supplied to the viewer on standard input.
+
+The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
+STDIN". Note that if your image viewer program is not secure, then
+executing it from GnuPG does not make it secure.
+
+@item --exec-path @code{string}
+@opindex exec-path
+Sets a list of directories to search for photo viewers and keyserver
+helpers. If not provided, keyserver helpers use the compiled-in
+default directory, and photo viewers use the $PATH environment
+variable.
+Note, that on W32 system this value is ignored when searching for
+keyserver helpers.
+
+@item --keyring @code{file}
+@opindex keyring
+Add @code{file} to the current list of keyrings. If @code{file} begins
+with a tilde and a slash, these are replaced by the $HOME directory. If
+the filename does not contain a slash, it is assumed to be in the GnuPG
+home directory ("~/.gnupg" if @option{--homedir} or $GNUPGHOME is not
+used).
+
+Note that this adds a keyring to the current list. If the intent is to
+use the specified keyring alone, use @option{--keyring} along with
+@option{--no-default-keyring}.
+
+@item --secret-keyring @code{file}
+@opindex secret-keyring
+Same as @option{--keyring} but for the secret keyrings.
+
+@item --primary-keyring @code{file}
+@opindex primary-keyring
+Designate @code{file} as the primary public keyring. This means that
+newly imported keys (via @option{--import} or keyserver
+@option{--recv-from}) will go to this keyring.
+
+@item --trustdb-name @code{file}
+@opindex trustdb-name
+Use @code{file} instead of the default trustdb. If @code{file} begins
+with a tilde and a slash, these are replaced by the $HOME directory. If
+the filename does not contain a slash, it is assumed to be in the GnuPG
+home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is
+not used).
+
+@ifset gpgone
+@anchor{option --homedir}
+@end ifset
+@include opt-homedir.texi
+
+
+@ifset gpgone
+@item --pcsc-driver @code{file}
+@opindex pcsc-driver
+Use @code{file} to access the smartcard reader. The current default is
+`libpcsclite.so.1' for GLIBC based systems,
+`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
+`winscard.dll' for Windows and `libpcsclite.so' for other systems.
+@end ifset
+
+@ifset gpgone
+@item --disable-ccid
+@opindex disable-ccid
+Disable the integrated support for CCID compliant readers. This
+allows to fall back to one of the other drivers even if the internal
+CCID driver can handle the reader. Note, that CCID support is only
+available if libusb was available at build time.
+@end ifset
+
+@ifset gpgone
+@item --reader-port @code{number_or_string}
+@opindex reader-port
+This option may be used to specify the port of the card terminal. A
+value of 0 refers to the first serial device; add 32768 to access USB
+devices. The default is 32768 (first USB device). PC/SC or CCID
+readers might need a string here; run the program in verbose mode to get
+a list of available readers. The default is then the first reader
+found.
+@end ifset
+
+@item --display-charset @code{name}
+@opindex display-charset
+Set the name of the native character set. This is used to convert
+some informational strings like user IDs to the proper UTF-8 encoding.
+Note that this has nothing to do with the character set of data to be
+encrypted or signed; GnuPG does not recode user-supplied data. If
+this option is not used, the default character set is determined from
+the current locale. A verbosity level of 3 shows the chosen set.
+Valid values for @code{name} are:
+
+@table @asis
+
+ @item iso-8859-1
+ @opindex display-charset:iso-8859-1
+ This is the Latin 1 set.
+
+ @item iso-8859-2
+ @opindex display-charset:iso-8859-2
+ The Latin 2 set.
+
+ @item iso-8859-15
+ @opindex display-charset:iso-8859-15
+ This is currently an alias for
+ the Latin 1 set.
+
+ @item koi8-r
+ @opindex display-charset:koi8-r
+ The usual Russian set (rfc1489).
+
+ @item utf-8
+ @opindex display-charset:utf-8
+ Bypass all translations and assume
+ that the OS uses native UTF-8 encoding.
+@end table
+
+@item --utf8-strings
+@itemx --no-utf8-strings
+@opindex utf8-strings
+Assume that command line arguments are given as UTF8 strings. The
+default (@option{--no-utf8-strings}) is to assume that arguments are
+encoded in the character set as specified by
+@option{--display-charset}. These options affect all following
+arguments. Both options may be used multiple times.
+
+@ifset gpgone
+@anchor{option --options}
+@end ifset
+@item --options @code{file}
+@opindex options
+Read options from @code{file} and do not try to read them from the
+default options file in the homedir (see @option{--homedir}). This
+option is ignored if used in an options file.
+
+@item --no-options
+@opindex no-options
+Shortcut for @option{--options /dev/null}. This option is detected
+before an attempt to open an option file. Using this option will also
+prevent the creation of a @file{~/.gnupg} homedir.
+
+@item -z @code{n}
+@itemx --compress-level @code{n}
+@itemx --bzip2-compress-level @code{n}
+@opindex compress-level
+@opindex bzip2-compress-level
+Set compression level to @code{n} for the ZIP and ZLIB compression
+algorithms. The default is to use the default compression level of zlib
+(normally 6). @option{--bzip2-compress-level} sets the compression level
+for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
+different option from @option{--compress-level} since BZIP2 uses a
+significant amount of memory for each additional compression level.
+@option{-z} sets both. A value of 0 for @code{n} disables compression.
+
+@item --bzip2-decompress-lowmem
+@opindex bzip2-decompress-lowmem
+Use a different decompression method for BZIP2 compressed files. This
+alternate method uses a bit more than half the memory, but also runs
+at half the speed. This is useful under extreme low memory
+circumstances when the file was originally compressed at a high
+@option{--bzip2-compress-level}.
+
+
+@item --mangle-dos-filenames
+@itemx --no-mangle-dos-filenames
+@opindex mangle-dos-filenames
+@opindex no-mangle-dos-filenames
+Older version of Windows cannot handle filenames with more than one
+dot. @option{--mangle-dos-filenames} causes GnuPG to replace (rather
+than add to) the extension of an output filename to avoid this
+problem. This option is off by default and has no effect on non-Windows
+platforms.
+
+@item --ask-cert-level
+@itemx --no-ask-cert-level
+@opindex ask-cert-level
+When making a key signature, prompt for a certification level. If this
+option is not specified, the certification level used is set via
+@option{--default-cert-level}. See @option{--default-cert-level} for
+information on the specific levels and how they are
+used. @option{--no-ask-cert-level} disables this option. This option
+defaults to no.
+
+@item --default-cert-level @code{n}
+@opindex default-cert-level
+The default to use for the check level when signing a key.
+
+0 means you make no particular claim as to how carefully you verified
+the key.
+
+1 means you believe the key is owned by the person who claims to own
+it but you could not, or did not verify the key at all. This is
+useful for a "persona" verification, where you sign the key of a
+pseudonymous user.
+
+2 means you did casual verification of the key. For example, this
+could mean that you verified the key fingerprint and checked the
+user ID on the key against a photo ID.
+
+3 means you did extensive verification of the key. For example, this
+could mean that you verified the key fingerprint with the owner of the
+key in person, and that you checked, by means of a hard to forge
+document with a photo ID (such as a passport) that the name of the key
+owner matches the name in the user ID on the key, and finally that you
+verified (by exchange of email) that the email address on the key
+belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are just that:
+examples. In the end, it is up to you to decide just what "casual"
+and "extensive" mean to you.
+
+This option defaults to 0 (no particular claim).
+
+@item --min-cert-level
+@opindex min-cert-level
+When building the trust database, treat any signatures with a
+certification level below this as invalid. Defaults to 2, which
+disregards level 1 signatures. Note that level 0 "no particular
+claim" signatures are always accepted.
+
+@item --trusted-key @code{long key ID}
+@opindex trusted-key
+Assume that the specified key (which must be given
+as a full 8 byte key ID) is as trustworthy as one of
+your own secret keys. This option is useful if you
+don't want to keep your secret keys (or one of them)
+online but still want to be able to check the validity of a given
+recipient's or signator's key.
+
+@item --trust-model @code{pgp|classic|direct|always|auto}
+@opindex trust-model
+Set what trust model GnuPG should follow. The models are:
+
+@table @asis
+
+ @item pgp
+ @opindex trust-mode:pgp
+ This is the Web of Trust combined with trust signatures as used in PGP
+ 5.x and later. This is the default trust model when creating a new
+ trust database.
+
+ @item classic
+ @opindex trust-mode:classic
+ This is the standard Web of Trust as used in PGP 2.x and earlier.
+
+ @item direct
+ @opindex trust-mode:direct
+ Key validity is set directly by the user and not calculated via the
+ Web of Trust.
+
+ @item always
+ @opindex trust-mode:always
+ Skip key validation and assume that used keys are always fully
+ trusted. You generally won't use this unless you are using some
+ external validation scheme. This option also suppresses the
+ "[uncertain]" tag printed with signature checks when there is no
+ evidence that the user ID is bound to the key.
+
+ @item auto
+ @opindex trust-mode:auto
+ Select the trust model depending on whatever the internal trust
+ database says. This is the default model if such a database already
+ exists.
+@end table
+
+@item --auto-key-locate @code{parameters}
+@itemx --no-auto-key-locate
+@opindex auto-key-locate
+GnuPG can automatically locate and retrieve keys as needed using this
+option. This happens when encrypting to an email address (in the
+"user@@example.com" form), and there are no user@@example.com keys on
+the local keyring. This option takes any number of the following
+mechanisms, in the order they are to be tried:
+
+@table @asis
+
+ @item cert
+ Locate a key using DNS CERT, as specified in rfc4398.
+
+ @item pka
+ Locate a key using DNS PKA.
+
+ @item ldap
+ Using DNS Service Discovery, check the domain in question for any LDAP
+ keyservers to use. If this fails, attempt to locate the key using the
+ PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
+
+ @item keyserver
+ Locate a key using whatever keyserver is defined using the
+ @option{--keyserver} option.
+
+ @item keyserver-URL
+ In addition, a keyserver URL as used in the @option{--keyserver} option
+ may be used here to query that particular keyserver.
+
+ @item local
+ Locate the key using the local keyrings. This mechanism allows to
+ select the order a local key lookup is done. Thus using
+ @samp{--auto-key-locate local} is identical to
+ @option{--no-auto-key-locate}.
+
+ @item nodefault
+ This flag disables the standard local key lookup, done before any of the
+ mechanisms defined by the @option{--auto-key-locate} are tried. The
+ position of this mechanism in the list does not matter. It is not
+ required if @code{local} is also used.
+
+@end table
+
+@item --keyid-format @code{short|0xshort|long|0xlong}
+@opindex keyid-format
+Select how to display key IDs. "short" is the traditional 8-character
+key ID. "long" is the more accurate (but less convenient)
+16-character key ID. Add an "0x" to either to include an "0x" at the
+beginning of the key ID, as in 0x99242560. Note that this option is
+ignored if the option --with-colons is used.
+
+@item --keyserver @code{name}
+@opindex keyserver
+Use @code{name} as your keyserver. This is the server that
+@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
+will communicate with to receive keys from, send keys to, and search for
+keys on. The format of the @code{name} is a URI:
+`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
+"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
+keyservers, or "mailto" for the Graff email keyserver. Note that your
+particular installation of GnuPG may have other keyserver types
+available as well. Keyserver schemes are case-insensitive. After the
+keyserver name, optional keyserver configuration options may be
+provided. These are the same as the global @option{--keyserver-options}
+from below, but apply only to this particular keyserver.
+
+Most keyservers synchronize with each other, so there is generally no
+need to send keys to more than one server. The keyserver
+@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
+keyserver each time you use it.
+
+@item --keyserver-options @code{name=value1 }
+@opindex keyserver-options
+This is a space or comma delimited string that gives options for the
+keyserver. Options can be prefixed with a `no-' to give the opposite
+meaning. Valid import-options or export-options may be used here as
+well to apply to importing (@option{--recv-key}) or exporting
+(@option{--send-key}) a key from a keyserver. While not all options
+are available for all keyserver types, some common options are:
+
+@table @asis
+
+ @item include-revoked
+ When searching for a key with @option{--search-keys}, include keys that
+ are marked on the keyserver as revoked. Note that not all keyservers
+ differentiate between revoked and unrevoked keys, and for such
+ keyservers this option is meaningless. Note also that most keyservers do
+ not have cryptographic verification of key revocations, and so turning
+ this option off may result in skipping keys that are incorrectly marked
+ as revoked.
+
+ @item include-disabled
+ When searching for a key with @option{--search-keys}, include keys that
+ are marked on the keyserver as disabled. Note that this option is not
+ used with HKP keyservers.
+
+ @item auto-key-retrieve
+ This option enables the automatic retrieving of keys from a keyserver
+ when verifying signatures made by keys that are not on the local
+ keyring.
+
+ Note that this option makes a "web bug" like behavior possible.
+ Keyserver operators can see which keys you request, so by sending you
+ a message signed by a brand new key (which you naturally will not have
+ on your local keyring), the operator can tell both your IP address and
+ the time when you verified the signature.
+
+ @item honor-keyserver-url
+ When using @option{--refresh-keys}, if the key in question has a preferred
+ keyserver URL, then use that preferred keyserver to refresh the key
+ from. In addition, if auto-key-retrieve is set, and the signature
+ being verified has a preferred keyserver URL, then use that preferred
+ keyserver to fetch the key from. Defaults to yes.
+
+ @item honor-pka-record
+ If auto-key-retrieve is set, and the signature being verified has a
+ PKA record, then use the PKA information to fetch the key. Defaults
+ to yes.
+
+ @item include-subkeys
+ When receiving a key, include subkeys as potential targets. Note that
+ this option is not used with HKP keyservers, as they do not support
+ retrieving keys by subkey id.
+
+ @item use-temp-files
+ On most Unix-like platforms, GnuPG communicates with the keyserver
+ helper program via pipes, which is the most efficient method. This
+ option forces GnuPG to use temporary files to communicate. On some
+ platforms (such as Win32 and RISC OS), this option is always enabled.
+
+ @item keep-temp-files
+ If using `use-temp-files', do not delete the temp files after using
+ them. This option is useful to learn the keyserver communication
+ protocol by reading the temporary files.
+
+ @item verbose
+ Tell the keyserver helper program to be more verbose. This option can
+ be repeated multiple times to increase the verbosity level.
+
+ @item timeout
+ Tell the keyserver helper program how long (in seconds) to try and
+ perform a keyserver action before giving up. Note that performing
+ multiple actions at the same time uses this timeout value per action.
+ For example, when retrieving multiple keys via @option{--recv-keys}, the
+ timeout applies separately to each key retrieval, and not to the
+ @option{--recv-keys} command as a whole. Defaults to 30 seconds.
+
+ @item http-proxy=@code{value}
+ Set the proxy to use for HTTP and HKP keyservers. This overrides the
+ "http_proxy" environment variable, if any.
+
+
+@ifclear gpgtwoone
+ @item max-cert-size
+ When retrieving a key via DNS CERT, only accept keys up to this size.
+ Defaults to 16384 bytes.
+@end ifclear
+
+ @item debug
+ Turn on debug output in the keyserver helper program. Note that the
+ details of debug output depends on which keyserver helper program is
+ being used, and in turn, on any libraries that the keyserver helper
+ program uses internally (libcurl, openldap, etc).
+
+ @item check-cert
+ Enable certificate checking if the keyserver presents one (for hkps or
+ ldaps). Defaults to on.
+
+ @item ca-cert-file
+ Provide a certificate store to override the system default. Only
+ necessary if check-cert is enabled, and the keyserver is using a
+ certificate that is not present in a system default certificate list.
+
+ Note that depending on the SSL library that the keyserver helper is
+ built with, this may actually be a directory or a file.
+@end table
+
+@item --completes-needed @code{n}
+@opindex compliant-needed
+Number of completely trusted users to introduce a new
+key signer (defaults to 1).
+
+@item --marginals-needed @code{n}
+@opindex marginals-needed
+Number of marginally trusted users to introduce a new
+key signer (defaults to 3)
+
+@item --max-cert-depth @code{n}
+@opindex max-cert-depth
+Maximum depth of a certification chain (default is 5).
+
+@ifclear gpgtwoone
+@item --simple-sk-checksum
+@opindex simple-sk-checksum
+Secret keys are integrity protected by using a SHA-1 checksum. This
+method is part of the upcoming enhanced OpenPGP specification but
+GnuPG already uses it as a countermeasure against certain attacks.
+Old applications don't understand this new format, so this option may
+be used to switch back to the old behaviour. Using this option bears
+a security risk. Note that using this option only takes effect when
+the secret key is encrypted - the simplest way to make this happen is
+to change the passphrase on the key (even changing it to the same
+value is acceptable).
+@end ifclear
+
+@item --no-sig-cache
+@opindex no-sig-cache
+Do not cache the verification status of key signatures.
+Caching gives a much better performance in key listings. However, if
+you suspect that your public keyring is not save against write
+modifications, you can use this option to disable the caching. It
+probably does not make sense to disable it because all kind of damage
+can be done if someone else has write access to your public keyring.
+
+@item --no-sig-create-check
+@opindex no-sig-create-check
+GnuPG normally verifies each signature right after creation to protect
+against bugs and hardware malfunctions which could leak out bits from
+the secret key. This extra verification needs some time (about 115%
+for DSA keys), and so this option can be used to disable it.
+However, due to the fact that the signature creation needs manual
+interaction, this performance penalty does not matter in most settings.
+
+@item --auto-check-trustdb
+@itemx --no-auto-check-trustdb
+@opindex auto-check-trustdb
+If GnuPG feels that its information about the Web of Trust has to be
+updated, it automatically runs the @option{--check-trustdb} command
+internally. This may be a time consuming
+process. @option{--no-auto-check-trustdb} disables this option.
+
+@item --use-agent
+@itemx --no-use-agent
+@opindex use-agent
+@ifclear gpgone
+This is dummy option. @command{@gpgname} always requires the agent.
+@end ifclear
+@ifset gpgone
+Try to use the GnuPG-Agent. With this option, GnuPG first tries to
+connect to the agent before it asks for a
+passphrase. @option{--no-use-agent} disables this option.
+@end ifset
+
+@item --gpg-agent-info
+@opindex gpg-agent-info
+@ifclear gpgone
+This is dummy option. It has no effect when used with @command{gpg2}.
+@end ifclear
+@ifset gpgone
+Override the value of the environment variable
+@samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has
+been given. Given that this option is not anymore used by
+@command{gpg2}, it should be avoided if possible.
+@end ifset
+
+@item --lock-once
+@opindex lock-once
+Lock the databases the first time a lock is requested
+and do not release the lock until the process
+terminates.
+
+@item --lock-multiple
+@opindex lock-multiple
+Release the locks every time a lock is no longer
+needed. Use this to override a previous @option{--lock-once}
+from a config file.
+
+@item --lock-never
+@opindex lock-never
+Disable locking entirely. This option should be used only in very
+special environments, where it can be assured that only one process
+is accessing those files. A bootable floppy with a stand-alone
+encryption system will probably use this. Improper usage of this
+option may lead to data and key corruption.
+
+@item --exit-on-status-write-error
+@opindex exit-on-status-write-error
+This option will cause write errors on the status FD to immediately
+terminate the process. That should in fact be the default but it never
+worked this way and thus we need an option to enable this, so that the
+change won't break applications which close their end of a status fd
+connected pipe too early. Using this option along with
+@option{--enable-progress-filter} may be used to cleanly cancel long
+running gpg operations.
+
+@item --limit-card-insert-tries @code{n}
+@opindex limit-card-insert-tries
+With @code{n} greater than 0 the number of prompts asking to insert a
+smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
+all ask to insert a card if none has been inserted at startup. This
+option is useful in the configuration file in case an application does
+not know about the smartcard support and waits ad infinitum for an
+inserted card.
+
+@item --no-random-seed-file
+@opindex no-random-seed-file
+GnuPG uses a file to store its internal random pool over invocations.
+This makes random generation faster; however sometimes write operations
+are not desired. This option can be used to achieve that with the cost of
+slower random generation.
+
+@item --no-greeting
+@opindex no-greeting
+Suppress the initial copyright message.
+
+@item --no-secmem-warning
+@opindex no-secmem-warning
+Suppress the warning about "using insecure memory".
+
+@item --no-permission-warning
+@opindex permission-warning
+Suppress the warning about unsafe file and home directory (@option{--homedir})
+permissions. Note that the permission checks that GnuPG performs are
+not intended to be authoritative, but rather they simply warn about
+certain common permission problems. Do not assume that the lack of a
+warning means that your system is secure.
+
+Note that the warning for unsafe @option{--homedir} permissions cannot be
+suppressed in the gpg.conf file, as this would allow an attacker to
+place an unsafe gpg.conf file in place, and use this file to suppress
+warnings about itself. The @option{--homedir} permissions warning may only be
+suppressed on the command line.
+
+@item --no-mdc-warning
+@opindex no-mdc-warning
+Suppress the warning about missing MDC integrity protection.
+
+@item --require-secmem
+@itemx --no-require-secmem
+@opindex require-secmem
+Refuse to run if GnuPG cannot get secure memory. Defaults to no
+(i.e. run, but give a warning).
+
+
+@item --require-cross-certification
+@itemx --no-require-cross-certification
+@opindex require-cross-certification
+When verifying a signature made from a subkey, ensure that the cross
+certification "back signature" on the subkey is present and valid. This
+protects against a subtle attack against subkeys that can sign.
+Defaults to @option{--require-cross-certification} for
+@command{@gpgname}.
+
+@item --expert
+@itemx --no-expert
+@opindex expert
+Allow the user to do certain nonsensical or "silly" things like
+signing an expired or revoked key, or certain potentially incompatible
+things like generating unusual key types. This also disables certain
+warning messages about potentially incompatible actions. As the name
+implies, this option is for experts only. If you don't fully
+understand the implications of what it allows you to do, leave this
+off. @option{--no-expert} disables this option.
+
+@end table
+
+
+@c *******************************************
+@c ******** KEY RELATED OPTIONS ************
+@c *******************************************
+@node GPG Key related Options
+@subsection Key related options
+
+@table @gnupgtabopt
+
+@item --recipient @var{name}
+@itemx -r
+@opindex recipient
+Encrypt for user id @var{name}. If this option or
+@option{--hidden-recipient} is not specified, GnuPG asks for the user-id
+unless @option{--default-recipient} is given.
+
+@item --hidden-recipient @var{name}
+@itemx -R
+@opindex hidden-recipient
+Encrypt for user ID @var{name}, but hide the key ID of this user's
+key. This option helps to hide the receiver of the message and is a
+limited countermeasure against traffic analysis. If this option or
+@option{--recipient} is not specified, GnuPG asks for the user ID unless
+@option{--default-recipient} is given.
+
+@item --encrypt-to @code{name}
+@opindex encrypt-to
+Same as @option{--recipient} but this one is intended for use in the
+options file and may be used with your own user-id as an
+"encrypt-to-self". These keys are only used when there are other
+recipients given either by use of @option{--recipient} or by the asked
+user id. No trust checking is performed for these user ids and even
+disabled keys can be used.
+
+@item --hidden-encrypt-to @code{name}
+@opindex hidden-encrypt-to
+Same as @option{--hidden-recipient} but this one is intended for use in the
+options file and may be used with your own user-id as a hidden
+"encrypt-to-self". These keys are only used when there are other
+recipients given either by use of @option{--recipient} or by the asked user id.
+No trust checking is performed for these user ids and even disabled
+keys can be used.
+
+@item --no-encrypt-to
+@opindex no-encrypt-to
+Disable the use of all @option{--encrypt-to} and
+@option{--hidden-encrypt-to} keys.
+
+@item --group @code{name=value1 }
+@opindex group
+Sets up a named group, which is similar to aliases in email programs.
+Any time the group name is a recipient (@option{-r} or
+@option{--recipient}), it will be expanded to the values
+specified. Multiple groups with the same name are automatically merged
+into a single group.
+
+The values are @code{key IDs} or fingerprints, but any key description
+is accepted. Note that a value with spaces in it will be treated as
+two different values. Note also there is only one level of expansion
+--- you cannot make an group that points to another group. When used
+from the command line, it may be necessary to quote the argument to
+this option to prevent the shell from treating it as multiple
+arguments.
+
+@item --ungroup @code{name}
+@opindex ungroup
+Remove a given entry from the @option{--group} list.
+
+@item --no-groups
+@opindex no-groups
+Remove all entries from the @option{--group} list.
+
+@item --local-user @var{name}
+@itemx -u
+@opindex local-user
+Use @var{name} as the key to sign with. Note that this option overrides
+@option{--default-key}.
+
+@ifset gpgtwoone
+@item --try-secret-key @var{name}
+@opindex try-secret-key
+For hidden recipients GPG needs to know the keys to use for trial
+decryption. The key set with @option{--default-key} is always tried
+first, but this is often not sufficient. This option allows to set more
+keys to be used for trial decryption. Although any valid user-id
+specification may be used for @var{name} it makes sense to use at least
+the long keyid to avoid ambiguities. Note that gpg-agent might pop up a
+pinentry for a lot keys to do the trial decryption. If you want to stop
+all further trial decryption you may use close-window button instead of
+the cancel button.
+@end ifset
+
+@item --try-all-secrets
+@opindex try-all-secrets
+Don't look at the key ID as stored in the message but try all secret
+keys in turn to find the right decryption key. This option forces the
+behaviour as used by anonymous recipients (created by using
+@option{--throw-keyids} or @option{--hidden-recipient}) and might come
+handy in case where an encrypted message contains a bogus key ID.
+
+@item --skip-hidden-recipients
+@itemx --no-skip-hidden-recipients
+@opindex skip-hidden-recipients
+@opindex no-skip-hidden-recipients
+During decryption skip all anonymous recipients. This option helps in
+the case that people use the hidden recipients feature to hide there
+own encrypt-to key from others. If oneself has many secret keys this
+may lead to a major annoyance because all keys are tried in turn to
+decrypt soemthing which was not really intended for it. The drawback
+of this option is that it is currently not possible to decrypt a
+message which includes real anonymous recipients.
+
+
+@end table
+
+@c *******************************************
+@c ******** INPUT AND OUTPUT ***************
+@c *******************************************
+@node GPG Input and Output
+@subsection Input and Output
+
+@table @gnupgtabopt
+
+@item --armor
+@itemx -a
+@opindex armor
+Create ASCII armored output. The default is to create the binary
+OpenPGP format.
+
+@item --no-armor
+@opindex no-armor
+Assume the input data is not in ASCII armored format.
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}.
+
+@item --max-output @code{n}
+@opindex max-output
+This option sets a limit on the number of bytes that will be generated
+when processing a file. Since OpenPGP supports various levels of
+compression, it is possible that the plaintext of a given message may be
+significantly larger than the original OpenPGP message. While GnuPG
+works properly with such messages, there is often a desire to set a
+maximum file size that will be generated before processing is forced to
+stop by the OS limits. Defaults to 0, which means "no limit".
+
+@item --import-options @code{parameters}
+@opindex import-options
+This is a space or comma delimited string that gives options for
+importing keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+
+@table @asis
+
+ @item import-local-sigs
+ Allow importing key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being used.
+ Defaults to no.
+
+ @item repair-pks-subkey-bug
+ During import, attempt to repair the damage caused by the PKS keyserver
+ bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
+ that this cannot completely repair the damaged key as some crucial data
+ is removed by the keyserver, but it does at least give you back one
+ subkey. Defaults to no for regular @option{--import} and to yes for
+ keyserver @option{--recv-keys}.
+
+ @item merge-only
+ During import, allow key updates to existing keys, but do not allow
+ any new keys to be imported. Defaults to no.
+
+ @item import-clean
+ After import, compact (remove all signatures except the
+ self-signature) any user IDs from the new key that are not usable.
+ Then, remove any signatures from the new key that are not usable.
+ This includes signatures that were issued by keys that are not present
+ on the keyring. This option is the same as running the @option{--edit-key}
+ command "clean" after import. Defaults to no.
+
+ @item import-minimal
+ Import the smallest key possible. This removes all signatures except
+ the most recent self-signature on each user ID. This option is the
+ same as running the @option{--edit-key} command "minimize" after import.
+ Defaults to no.
+@end table
+
+@item --export-options @code{parameters}
+@opindex export-options
+This is a space or comma delimited string that gives options for
+exporting keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+
+@table @asis
+
+ @item export-local-sigs
+ Allow exporting key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being used.
+ Defaults to no.
+
+ @item export-attributes
+ Include attribute user IDs (photo IDs) while exporting. This is
+ useful to export keys if they are going to be used by an OpenPGP
+ program that does not accept attribute user IDs. Defaults to yes.
+
+ @item export-sensitive-revkeys
+ Include designated revoker information that was marked as
+ "sensitive". Defaults to no.
+
+ @c Since GnuPG 2.1 gpg-agent manages the secret key and thus the
+ @c export-reset-subkey-passwd hack is not anymore justified. Such use
+ @c cases need to be implemented using a specialized secret key export
+ @c tool.
+@ifclear gpgtwoone
+ @item export-reset-subkey-passwd
+ When using the @option{--export-secret-subkeys} command, this option resets
+ the passphrases for all exported subkeys to empty. This is useful
+ when the exported subkey is to be used on an unattended machine where
+ a passphrase doesn't necessarily make sense. Defaults to no.
+@end ifclear
+
+ @item export-clean
+ Compact (remove all signatures from) user IDs on the key being
+ exported if the user IDs are not usable. Also, do not export any
+ signatures that are not usable. This includes signatures that were
+ issued by keys that are not present on the keyring. This option is
+ the same as running the @option{--edit-key} command "clean" before export
+ except that the local copy of the key is not modified. Defaults to
+ no.
+
+ @item export-minimal
+ Export the smallest key possible. This removes all signatures except the
+ most recent self-signature on each user ID. This option is the same as
+ running the @option{--edit-key} command "minimize" before export except
+ that the local copy of the key is not modified. Defaults to no.
+@end table
+
+@item --with-colons
+@opindex with-colons
+Print key listings delimited by colons. Note that the output will be
+encoded in UTF-8 regardless of any @option{--display-charset} setting. This
+format is useful when GnuPG is called from scripts and other programs
+as it is easily machine parsed. The details of this format are
+documented in the file @file{doc/DETAILS}, which is included in the GnuPG
+source distribution.
+
+@item --fixed-list-mode
+@opindex fixed-list-mode
+Do not merge primary user ID and primary key in @option{--with-colon}
+listing mode and print all timestamps as seconds since 1970-01-01.
+@ifclear gpgone
+Since GnuPG 2.0.10, this mode is always used and thus this option is
+obsolete; it does not harm to use it though.
+@end ifclear
+
+@item --with-fingerprint
+@opindex with-fingerprint
+Same as the command @option{--fingerprint} but changes only the format
+of the output and may be used together with another command.
+
+@ifset gpgtwoone
+@item --with-keygrip
+@opindex with-keygrip
+Include the keygrip in the key listings.
+@end ifset
+
+@end table
+
+@c *******************************************
+@c ******** OPENPGP OPTIONS ****************
+@c *******************************************
+@node OpenPGP Options
+@subsection OpenPGP protocol specific options.
+
+@table @gnupgtabopt
+
+@item -t, --textmode
+@itemx --no-textmode
+@opindex textmode
+Treat input files as text and store them in the OpenPGP canonical text
+form with standard "CRLF" line endings. This also sets the necessary
+flags to inform the recipient that the encrypted or signed data is text
+and may need its line endings converted back to whatever the local
+system uses. This option is useful when communicating between two
+platforms that have different line ending conventions (UNIX-like to Mac,
+Mac to Windows, etc). @option{--no-textmode} disables this option, and
+is the default.
+
+@ifset gpgone
+If @option{-t} (but not @option{--textmode}) is used together with
+armoring and signing, this enables clearsigned messages. This kludge is
+needed for command-line compatibility with command-line versions of PGP;
+normally you would use @option{--sign} or @option{--clearsign} to select
+the type of the signature.
+@end ifset
+
+@item --force-v3-sigs
+@itemx --no-force-v3-sigs
+@opindex force-v3-sigs
+OpenPGP states that an implementation should generate v4 signatures
+but PGP versions 5 through 7 only recognize v4 signatures on key
+material. This option forces v3 signatures for signatures on data.
+Note that this option implies @option{--no-ask-sig-expire}, and unsets
+@option{--sig-policy-url}, @option{--sig-notation}, and
+@option{--sig-keyserver-url}, as these features cannot be used with v3
+signatures. @option{--no-force-v3-sigs} disables this option.
+Defaults to no.
+
+@item --force-v4-certs
+@itemx --no-force-v4-certs
+@opindex force-v4-certs
+Always use v4 key signatures even on v3 keys. This option also
+changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
+@option{--no-force-v4-certs} disables this option.
+
+@item --force-mdc
+@opindex force-mdc
+Force the use of encryption with a modification detection code. This
+is always used with the newer ciphers (those with a blocksize greater
+than 64 bits), or if all of the recipient keys indicate MDC support in
+their feature flags.
+
+@item --disable-mdc
+@opindex disable-mdc
+Disable the use of the modification detection code. Note that by
+using this option, the encrypted message becomes vulnerable to a
+message modification attack.
+
+@item --personal-cipher-preferences @code{string}
+@opindex personal-cipher-preferences
+Set the list of personal cipher preferences to @code{string}. Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all. This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients. The most highly ranked cipher in this list is also
+used for the @option{--symmetric} encryption command.
+
+@item --personal-digest-preferences @code{string}
+@opindex personal-digest-preferences
+Set the list of personal digest preferences to @code{string}. Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all. This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients. The most highly ranked digest algorithm in this list
+is also used when signing without encryption
+(e.g. @option{--clearsign} or @option{--sign}).
+
+@item --personal-compress-preferences @code{string}
+@opindex personal-compress-preferences
+Set the list of personal compression preferences to @code{string}.
+Use @command{@gpgname --version} to get a list of available
+algorithms, and use @code{none} to set no preference at all. This
+allows the user to safely override the algorithm chosen by the
+recipient key preferences, as GPG will only select an algorithm that
+is usable by all recipients. The most highly ranked compression
+algorithm in this list is also used when there are no recipient keys
+to consider (e.g. @option{--symmetric}).
+
+@item --s2k-cipher-algo @code{name}
+@opindex s2k-cipher-algo
+Use @code{name} as the cipher algorithm used to protect secret keys.
+The default cipher is CAST5. This cipher is also used for
+conventional encryption if @option{--personal-cipher-preferences} and
+@option{--cipher-algo} is not given.
+
+@item --s2k-digest-algo @code{name}
+@opindex s2k-digest-algo
+Use @code{name} as the digest algorithm used to mangle the passphrases.
+The default algorithm is SHA-1.
+
+@item --s2k-mode @code{n}
+@opindex s2k-mode
+Selects how passphrases are mangled. If @code{n} is 0 a plain
+passphrase (which is not recommended) will be used, a 1 adds a salt to
+the passphrase and a 3 (the default) iterates the whole process a
+number of times (see --s2k-count). Unless @option{--rfc1991} is used,
+this mode is also used for conventional encryption.
+
+@item --s2k-count @code{n}
+@opindex s2k-count
+Specify how many times the passphrase mangling is repeated. This
+value may range between 1024 and 65011712 inclusive. The default is
+inquired from gpg-agent. Note that not all values in the
+1024-65011712 range are legal and if an illegal value is selected,
+GnuPG will round up to the nearest legal value. This option is only
+meaningful if @option{--s2k-mode} is 3.
+
+
+@end table
+
+@c ***************************
+@c ******* Compliance ********
+@c ***************************
+@subsection Compliance options
+
+These options control what GnuPG is compliant to. Only one of these
+options may be active at a time. Note that the default setting of
+this is nearly always the correct one. See the INTEROPERABILITY WITH
+OTHER OPENPGP PROGRAMS section below before using one of these
+options.
+
+@table @gnupgtabopt
+
+@item --gnupg
+@opindex gnupg
+Use standard GnuPG behavior. This is essentially OpenPGP behavior
+(see @option{--openpgp}), but with some additional workarounds for common
+compatibility problems in different versions of PGP. This is the
+default option, so it is not generally needed, but it may be useful to
+override a different compliance option in the gpg.conf file.
+
+@item --openpgp
+@opindex openpgp
+Reset all packet, cipher and digest options to strict OpenPGP
+behavior. Use this option to reset all previous options like
+@option{--s2k-*}, @option{--cipher-algo}, @option{--digest-algo} and
+@option{--compress-algo} to OpenPGP compliant values. All PGP
+workarounds are disabled.
+
+@item --rfc4880
+@opindex rfc4880
+Reset all packet, cipher and digest options to strict RFC-4880
+behavior. Note that this is currently the same thing as
+@option{--openpgp}.
+
+@item --rfc2440
+@opindex rfc2440
+Reset all packet, cipher and digest options to strict RFC-2440
+behavior.
+
+@item --rfc1991
+@opindex rfc1991
+Try to be more RFC-1991 (PGP 2.x) compliant.
+
+@item --pgp2
+@opindex pgp2
+Set up all options to be as PGP 2.x compliant as possible, and warn if
+an action is taken (e.g. encrypting to a non-RSA key) that will create
+a message that PGP 2.x will not be able to handle. Note that `PGP
+2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
+available, but the MIT release is a good common baseline.
+
+This option implies @option{--rfc1991 --disable-mdc
+--no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
+IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
+@option{--textmode} when encrypting.
+
+@item --pgp6
+@opindex pgp6
+Set up all options to be as PGP 6 compliant as possible. This
+restricts you to the ciphers IDEA (if the IDEA plugin is installed),
+3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
+compression algorithms none and ZIP. This also disables
+--throw-keyids, and making signatures with signing subkeys as PGP 6
+does not understand signatures made by signing subkeys.
+
+This option implies @option{--disable-mdc --escape-from-lines
+--force-v3-sigs}.
+
+@item --pgp7
+@opindex pgp7
+Set up all options to be as PGP 7 compliant as possible. This is
+identical to @option{--pgp6} except that MDCs are not disabled, and the
+list of allowable ciphers is expanded to add AES128, AES192, AES256, and
+TWOFISH.
+
+@item --pgp8
+@opindex pgp8
+Set up all options to be as PGP 8 compliant as possible. PGP 8 is a lot
+closer to the OpenPGP standard than previous versions of PGP, so all
+this does is disable @option{--throw-keyids} and set
+@option{--escape-from-lines}. All algorithms are allowed except for the
+SHA224, SHA384, and SHA512 digests.
+
+@end table
+
+
+@c *******************************************
+@c ******** ESOTERIC OPTIONS ***************
+@c *******************************************
+@node GPG Esoteric Options
+@subsection Doing things one usually doesn't want to do.
+
+@table @gnupgtabopt
+
+@item -n
+@itemx --dry-run
+@opindex dry-run
+Don't make any changes (this is not completely implemented).
+
+@item --list-only
+@opindex list-only
+Changes the behaviour of some commands. This is like @option{--dry-run} but
+different in some cases. The semantic of this command may be extended in
+the future. Currently it only skips the actual decryption pass and
+therefore enables a fast listing of the encryption keys.
+
+@item -i
+@itemx --interactive
+@opindex interactive
+Prompt before overwriting any files.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or by a keyword:
+
+@table @code
+ @item none
+ No debugging at all. A value of less than 1 may be used instead of
+ the keyword.
+ @item basic
+ Some basic debug messages. A value between 1 and 2 may be used
+ instead of the keyword.
+ @item advanced
+ More verbose debug messages. A value between 3 and 5 may be used
+ instead of the keyword.
+ @item expert
+ Even more detailed messages. A value between 6 and 8 may be used
+ instead of the keyword.
+ @item guru
+ All of the debug messages you can get. A value greater than 8 may be
+ used instead of the keyword. The creation of hash tracing files is
+ only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+Set debugging flags. All flags are or-ed and @var{flags} may
+be given in C syntax (e.g. 0x0042).
+
+@item --debug-all
+@opindex debug-all
+Set all useful debugging flags.
+
+@ifset gpgone
+@item --debug-ccid-driver
+@opindex debug-ccid-driver
+Enable debug output from the included CCID driver for smartcards.
+Note that this option is only available on some system.
+@end ifset
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
+@item --enable-progress-filter
+@opindex enable-progress-filter
+Enable certain PROGRESS status outputs. This option allows frontends
+to display a progress indicator while gpg is processing larger files.
+There is a slight performance overhead using it.
+
+@item --status-fd @code{n}
+@opindex status-fd
+Write special status strings to the file descriptor @code{n}.
+See the file DETAILS in the documentation for a listing of them.
+
+@item --status-file @code{file}
+@opindex status-file
+Same as @option{--status-fd}, except the status data is written to file
+@code{file}.
+
+@item --logger-fd @code{n}
+@opindex logger-fd
+Write log output to file descriptor @code{n} and not to STDERR.
+
+@item --log-file @code{file}
+@itemx --logger-file @code{file}
+@opindex log-file
+Same as @option{--logger-fd}, except the logger data is written to file
+@code{file}. Note that @option{--log-file} is only implemented for
+GnuPG-2.
+
+@item --attribute-fd @code{n}
+@opindex attribute-fd
+Write attribute subpackets to the file descriptor @code{n}. This is most
+useful for use with @option{--status-fd}, since the status messages are
+needed to separate out the various subpackets from the stream delivered
+to the file descriptor.
+
+@item --attribute-file @code{file}
+@opindex attribute-file
+Same as @option{--attribute-fd}, except the attribute data is written to
+file @code{file}.
+
+@item --comment @code{string}
+@itemx --no-comments
+@opindex comment
+Use @code{string} as a comment string in clear text signatures and ASCII
+armored messages or keys (see @option{--armor}). The default behavior is
+not to use a comment string. @option{--comment} may be repeated multiple
+times to get multiple comment strings. @option{--no-comments} removes
+all comments. It is a good idea to keep the length of a single comment
+below 60 characters to avoid problems with mail programs wrapping such
+lines. Note that comment lines, like all other header lines, are not
+protected by the signature.
+
+@item --emit-version
+@itemx --no-emit-version
+@opindex emit-version
+Force inclusion of the version string in ASCII armored output.
+@option{--no-emit-version} disables this option.
+
+@item --sig-notation @code{name=value}
+@itemx --cert-notation @code{name=value}
+@itemx -N, --set-notation @code{name=value}
+@opindex sig-notation
+@opindex cert-notation
+@opindex set-notation
+Put the name value pair into the signature as notation data.
+@code{name} must consist only of printable characters or spaces, and
+must contain a '@@' character in the form keyname@@domain.example.com
+(substituting the appropriate keyname and domain name, of course). This
+is to help prevent pollution of the IETF reserved notation
+namespace. The @option{--expert} flag overrides the '@@'
+check. @code{value} may be any printable string; it will be encoded in
+UTF8, so you should check that your @option{--display-charset} is set
+correctly. If you prefix @code{name} with an exclamation mark (!), the
+notation data will be flagged as critical
+(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data
+signatures. @option{--cert-notation} sets a notation for key signatures
+(certifications). @option{--set-notation} sets both.
+
+There are special codes that may be used in notation names. "%k" will
+be expanded into the key ID of the key being signed, "%K" into the
+long key ID of the key being signed, "%f" into the fingerprint of the
+key being signed, "%s" into the key ID of the key making the
+signature, "%S" into the long key ID of the key making the signature,
+"%g" into the fingerprint of the key making the signature (which might
+be a subkey), "%p" into the fingerprint of the primary key of the key
+making the signature, "%c" into the signature count from the OpenPGP
+smartcard, and "%%" results in a single "%". %k, %K, and %f are only
+meaningful when making a key signature (certification), and %c is only
+meaningful when using the OpenPGP smartcard.
+
+@item --sig-policy-url @code{string}
+@itemx --cert-policy-url @code{string}
+@itemx --set-policy-url @code{string}
+@opindex sig-policy-url
+@opindex cert-policy-url
+@opindex set-policy-url
+Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If
+you prefix it with an exclamation mark (!), the policy URL packet will
+be flagged as critical. @option{--sig-policy-url} sets a policy url for
+data signatures. @option{--cert-policy-url} sets a policy url for key
+signatures (certifications). @option{--set-policy-url} sets both.
+
+The same %-expandos used for notation data are available here as well.
+
+@item --sig-keyserver-url @code{string}
+@opindex sig-keyserver-url
+Use @code{string} as a preferred keyserver URL for data signatures. If
+you prefix it with an exclamation mark (!), the keyserver URL packet
+will be flagged as critical.
+
+The same %-expandos used for notation data are available here as well.
+
+@item --set-filename @code{string}
+@opindex set-filename
+Use @code{string} as the filename which is stored inside messages.
+This overrides the default, which is to use the actual filename of the
+file being encrypted.
+
+@item --for-your-eyes-only
+@itemx --no-for-your-eyes-only
+@opindex for-your-eyes-only
+Set the `for your eyes only' flag in the message. This causes GnuPG to
+refuse to save the file unless the @option{--output} option is given,
+and PGP to use a "secure viewer" with a claimed Tempest-resistant font
+to display the message. This option overrides @option{--set-filename}.
+@option{--no-for-your-eyes-only} disables this option.
+
+@item --use-embedded-filename
+@itemx --no-use-embedded-filename
+@opindex use-embedded-filename
+Try to create a file with a name as embedded in the data. This can be
+a dangerous option as it allows to overwrite files. Defaults to no.
+
+@item --cipher-algo @code{name}
+@opindex cipher-algo
+Use @code{name} as cipher algorithm. Running the program with the
+command @option{--version} yields a list of supported algorithms. If
+this is not used the cipher algorithm is selected from the preferences
+stored with the key. In general, you do not want to use this option as
+it allows you to violate the OpenPGP standard.
+@option{--personal-cipher-preferences} is the safe way to accomplish the
+same thing.
+
+@item --digest-algo @code{name}
+@opindex digest-algo
+Use @code{name} as the message digest algorithm. Running the program
+with the command @option{--version} yields a list of supported algorithms. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. @option{--personal-digest-preferences} is the
+safe way to accomplish the same thing.
+
+@item --compress-algo @code{name}
+@opindex compress-algo
+Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB
+compression. "zip" is RFC-1951 ZIP compression which is used by PGP.
+"bzip2" is a more modern compression scheme that can compress some
+things better than zip or zlib, but at the cost of more memory used
+during compression and decompression. "uncompressed" or "none"
+disables compression. If this option is not used, the default
+behavior is to examine the recipient key preferences to see which
+algorithms the recipient supports. If all else fails, ZIP is used for
+maximum compatibility.
+
+ZLIB may give better compression results than ZIP, as the compression
+window size is not limited to 8k. BZIP2 may give even better
+compression results than that, but will use a significantly larger
+amount of memory while compressing and decompressing. This may be
+significant in low memory situations. Note, however, that PGP (all
+versions) only supports ZIP compression. Using any algorithm other
+than ZIP or "none" will make the message unreadable with PGP. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. @option{--personal-compress-preferences} is the
+safe way to accomplish the same thing.
+
+@item --cert-digest-algo @code{name}
+@opindex cert-digest-algo
+Use @code{name} as the message digest algorithm used when signing a
+key. Running the program with the command @option{--version} yields a
+list of supported algorithms. Be aware that if you choose an algorithm
+that GnuPG supports but other OpenPGP implementations do not, then some
+users will not be able to use the key signatures you make, or quite
+possibly your entire key.
+
+@item --disable-cipher-algo @code{name}
+@opindex disable-cipher-algo
+Never allow the use of @code{name} as cipher algorithm.
+The given name will not be checked so that a later loaded algorithm
+will still get disabled.
+
+@item --disable-pubkey-algo @code{name}
+@opindex disable-pubkey-algo
+Never allow the use of @code{name} as public key algorithm.
+The given name will not be checked so that a later loaded algorithm
+will still get disabled.
+
+@item --throw-keyids
+@itemx --no-throw-keyids
+@opindex throw-keyids
+Do not put the recipient key IDs into encrypted messages. This helps to
+hide the receivers of the message and is a limited countermeasure
+against traffic analysis.@footnote{Using a little social engineering
+anyone who is able to decrypt the message can check whether one of the
+other recipients is the one he suspects.} On the receiving side, it may
+slow down the decryption process because all available secret keys must
+be tried. @option{--no-throw-keyids} disables this option. This option
+is essentially the same as using @option{--hidden-recipient} for all
+recipients.
+
+@item --not-dash-escaped
+@opindex not-dash-escaped
+This option changes the behavior of cleartext signatures
+so that they can be used for patch files. You should not
+send such an armored file via email because all spaces
+and line endings are hashed too. You can not use this
+option for data which has 5 dashes at the beginning of a
+line, patch files don't have this. A special armor header
+line tells GnuPG about this cleartext signature option.
+
+@item --escape-from-lines
+@itemx --no-escape-from-lines
+@opindex escape-from-lines
+Because some mailers change lines starting with "From " to ">From " it
+is good to handle such lines in a special way when creating cleartext
+signatures to prevent the mail system from breaking the signature. Note
+that all other PGP versions do it this way too. Enabled by
+default. @option{--no-escape-from-lines} disables this option.
+
+@item --passphrase-repeat @code{n}
+@opindex passphrase-repeat
+Specify how many times @command{@gpgname} will request a new
+passphrase be repeated. This is useful for helping memorize a
+passphrase. Defaults to 1 repetition.
+
+@item --passphrase-fd @code{n}
+@opindex passphrase-fd
+Read the passphrase from file descriptor @code{n}. Only the first line
+will be read from file descriptor @code{n}. If you use 0 for @code{n},
+the passphrase will be read from STDIN. This can only be used if only
+one passphrase is supplied.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --passphrase-file @code{file}
+@opindex passphrase-file
+Read the passphrase from file @code{file}. Only the first line will
+be read from file @code{file}. This can only be used if only one
+passphrase is supplied. Obviously, a passphrase stored in a file is
+of questionable security if other users can read this file. Don't use
+this option if you can avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --passphrase @code{string}
+@opindex passphrase
+Use @code{string} as the passphrase. This can only be used if only one
+passphrase is supplied. Obviously, this is of very questionable
+security on a multi-user system. Don't use this option if you can
+avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --command-fd @code{n}
+@opindex command-fd
+This is a replacement for the deprecated shared-memory IPC mode.
+If this option is enabled, user input on questions is not expected
+from the TTY but from the given file descriptor. It should be used
+together with @option{--status-fd}. See the file doc/DETAILS in the source
+distribution for details on how to use it.
+
+@item --command-file @code{file}
+@opindex command-file
+Same as @option{--command-fd}, except the commands are read out of file
+@code{file}
+
+@item --allow-non-selfsigned-uid
+@itemx --no-allow-non-selfsigned-uid
+@opindex allow-non-selfsigned-uid
+Allow the import and use of keys with user IDs which are not
+self-signed. This is not recommended, as a non self-signed user ID is
+trivial to forge. @option{--no-allow-non-selfsigned-uid} disables.
+
+@item --allow-freeform-uid
+@opindex allow-freeform-uid
+Disable all checks on the form of the user ID while generating a new
+one. This option should only be used in very special environments as
+it does not ensure the de-facto standard format of user IDs.
+
+@item --ignore-time-conflict
+@opindex ignore-time-conflict
+GnuPG normally checks that the timestamps associated with keys and
+signatures have plausible values. However, sometimes a signature
+seems to be older than the key due to clock problems. This option
+makes these checks just a warning. See also @option{--ignore-valid-from} for
+timestamp issues on subkeys.
+
+@item --ignore-valid-from
+@opindex ignore-valid-from
+GnuPG normally does not select and use subkeys created in the future.
+This option allows the use of such keys and thus exhibits the
+pre-1.0.7 behaviour. You should not use this option unless there
+is some clock problem. See also @option{--ignore-time-conflict} for timestamp
+issues with signatures.
+
+@item --ignore-crc-error
+@opindex ignore-crc-error
+The ASCII armor used by OpenPGP is protected by a CRC checksum against
+transmission errors. Occasionally the CRC gets mangled somewhere on
+the transmission channel but the actual content (which is protected by
+the OpenPGP protocol anyway) is still okay. This option allows GnuPG
+to ignore CRC errors.
+
+@item --ignore-mdc-error
+@opindex ignore-mdc-error
+This option changes a MDC integrity protection failure into a warning.
+This can be useful if a message is partially corrupt, but it is
+necessary to get as much data as possible out of the corrupt message.
+However, be aware that a MDC protection failure may also mean that the
+message was tampered with intentionally by an attacker.
+
+@item --no-default-keyring
+@opindex no-default-keyring
+Do not add the default keyrings to the list of keyrings. Note that
+GnuPG will not operate without any keyrings, so if you use this option
+and do not provide alternate keyrings via @option{--keyring} or
+@option{--secret-keyring}, then GnuPG will still use the default public or
+secret keyrings.
+
+@item --skip-verify
+@opindex skip-verify
+Skip the signature verification step. This may be
+used to make the decryption faster if the signature
+verification is not needed.
+
+@item --with-key-data
+@opindex with-key-data
+Print key listings delimited by colons (like @option{--with-colons}) and
+print the public key data.
+
+@item --fast-list-mode
+@opindex fast-list-mode
+Changes the output of the list commands to work faster; this is achieved
+by leaving some parts empty. Some applications don't need the user ID
+and the trust information given in the listings. By using this options
+they can get a faster listing. The exact behaviour of this option may
+change in future versions. If you are missing some information, don't
+use this option.
+
+@item --no-literal
+@opindex no-literal
+This is not for normal use. Use the source to see for what it might be useful.
+
+@item --set-filesize
+@opindex set-filesize
+This is not for normal use. Use the source to see for what it might be useful.
+
+@item --show-session-key
+@opindex show-session-key
+Display the session key used for one message. See
+@option{--override-session-key} for the counterpart of this option.
+
+We think that Key Escrow is a Bad Thing; however the user should have
+the freedom to decide whether to go to prison or to reveal the content
+of one specific message without compromising all messages ever
+encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
+FORCED TO DO SO.
+
+@item --override-session-key @code{string}
+@opindex override-session-key
+Don't use the public key but the session key @code{string}. The format
+of this string is the same as the one printed by
+@option{--show-session-key}. This option is normally not used but comes
+handy in case someone forces you to reveal the content of an encrypted
+message; using this option you can do this without handing out the
+secret key.
+
+@item --ask-sig-expire
+@itemx --no-ask-sig-expire
+@opindex ask-sig-expire
+When making a data signature, prompt for an expiration time. If this
+option is not specified, the expiration time set via
+@option{--default-sig-expire} is used. @option{--no-ask-sig-expire}
+disables this option.
+
+@item --default-sig-expire
+@opindex default-sig-expire
+The default expiration time to use for signature expiration. Valid
+values are "0" for no expiration, a number followed by the letter d
+(for days), w (for weeks), m (for months), or y (for years) (for
+example "2m" for two months, or "5y" for five years), or an absolute
+date in the form YYYY-MM-DD. Defaults to "0".
+
+@item --ask-cert-expire
+@itemx --no-ask-cert-expire
+@opindex ask-cert-expire
+When making a key signature, prompt for an expiration time. If this
+option is not specified, the expiration time set via
+@option{--default-cert-expire} is used. @option{--no-ask-cert-expire}
+disables this option.
+
+@item --default-cert-expire
+@opindex default-cert-expire
+The default expiration time to use for key signature expiration.
+Valid values are "0" for no expiration, a number followed by the
+letter d (for days), w (for weeks), m (for months), or y (for years)
+(for example "2m" for two months, or "5y" for five years), or an
+absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+@item --allow-secret-key-import
+@opindex allow-secret-key-import
+This is an obsolete option and is not used anywhere.
+
+@item --allow-multiple-messages
+@item --no-allow-multiple-messages
+@opindex allow-multiple-messages
+Allow processing of multiple OpenPGP messages contained in a single file
+or stream. Some programs that call GPG are not prepared to deal with
+multiple messages being processed together, so this option defaults to
+no. Note that versions of GPG prior to 1.4.7 always allowed multiple
+messages.
+
+Warning: Do not use this option unless you need it as a temporary
+workaround!
+
+
+@item --enable-special-filenames
+@opindex enable-special-filenames
+This options enables a mode in which filenames of the form
+@file{-&n}, where n is a non-negative decimal number,
+refer to the file descriptor n and not to a file with that name.
+
+@item --no-expensive-trust-checks
+@opindex no-expensive-trust-checks
+Experimental use only.
+
+@item --preserve-permissions
+@opindex preserve-permissions
+Don't change the permissions of a secret keyring back to user
+read/write only. Use this option only if you really know what you are doing.
+
+@item --default-preference-list @code{string}
+@opindex default-preference-list
+Set the list of default preferences to @code{string}. This preference
+list is used for new keys and becomes the default for "setpref" in the
+edit menu.
+
+@item --default-keyserver-url @code{name}
+@opindex default-keyserver-url
+Set the default keyserver URL to @code{name}. This keyserver will be
+used as the keyserver URL when writing a new self-signature on a key,
+which includes key generation and changing preferences.
+
+@item --list-config
+@opindex list-config
+Display various internal configuration parameters of GnuPG. This option
+is intended for external programs that call GnuPG to perform tasks, and
+is thus not generally useful. See the file @file{doc/DETAILS} in the
+source distribution for the details of which configuration items may be
+listed. @option{--list-config} is only usable with
+@option{--with-colons} set.
+
+@item --gpgconf-list
+@opindex gpgconf-list
+This command is similar to @option{--list-config} but in general only
+internally used by the @command{gpgconf} tool.
+
+@item --gpgconf-test
+@opindex gpgconf-test
+This is more or less dummy action. However it parses the configuration
+file and returns with failure if the configuration file would prevent
+@command{gpg} from startup. Thus it may be used to run a syntax check
+on the configuration file.
+
+@end table
+
+@c *******************************
+@c ******* Deprecated ************
+@c *******************************
+@subsection Deprecated options
+
+@table @gnupgtabopt
+
+@ifset gpgone
+@item --load-extension @code{name}
+@opindex load-extension
+Load an extension module. If @code{name} does not contain a slash it is
+searched for in the directory configured when GnuPG was built
+(generally "/usr/local/lib/gnupg"). Extensions are not generally
+useful anymore, and the use of this option is deprecated.
+@end ifset
+
+@item --show-photos
+@itemx --no-show-photos
+@opindex show-photos
+Causes @option{--list-keys}, @option{--list-sigs},
+@option{--list-public-keys}, @option{--list-secret-keys}, and verifying
+a signature to also display the photo ID attached to the key, if
+any. See also @option{--photo-viewer}. These options are deprecated. Use
+@option{--list-options [no-]show-photos} and/or @option{--verify-options
+[no-]show-photos} instead.
+
+@item --show-keyring
+@opindex show-keyring
+Display the keyring name at the head of key listings to show which
+keyring a given key resides on. This option is deprecated: use
+@option{--list-options [no-]show-keyring} instead.
+
+@ifset gpgone
+@item --ctapi-driver @code{file}
+@opindex ctapi-driver
+Use @code{file} to access the smartcard reader. The current default
+is `libtowitoko.so'. Note that the use of this interface is
+deprecated; it may be removed in future releases.
+@end ifset
+
+@item --always-trust
+@opindex always-trust
+Identical to @option{--trust-model always}. This option is deprecated.
+
+@item --show-notation
+@itemx --no-show-notation
+@opindex show-notation
+Show signature notations in the @option{--list-sigs} or @option{--check-sigs} listings
+as well as when verifying a signature with a notation in it. These
+options are deprecated. Use @option{--list-options [no-]show-notation}
+and/or @option{--verify-options [no-]show-notation} instead.
+
+@item --show-policy-url
+@itemx --no-show-policy-url
+@opindex show-policy-url
+Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
+listings as well as when verifying a signature with a policy URL in
+it. These options are deprecated. Use @option{--list-options
+[no-]show-policy-url} and/or @option{--verify-options
+[no-]show-policy-url} instead.
+
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node GPG Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{@gpgname}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+ @item gpg.conf
+ @cindex gpg.conf
+ This is the standard configuration file read by @command{@gpgname} on
+ startup. It may contain any valid long option; the leading two dashes
+ may not be entered and the option may not be abbreviated. This default
+ name may be changed on the command line (@pxref{option --options}).
+ You should backup this file.
+
+@end table
+
+@c man:.RE
+Note that on larger installations, it is useful to put predefined files
+into the directory @file{/etc/skel/.gnupg/} so that newly created users
+start up with a working configuration.
+@ifclear gpgone
+For existing users the a small
+helper script is provided to create these files (@pxref{addgnupghome}).
+@end ifclear
+
+For internal purposes @command{@gpgname} creates and maintains a few other
+files; They all live in in the current home directory (@pxref{option
+--homedir}). Only the @command{@gpgname} may modify these files.
+
+
+@table @file
+ @item ~/.gnupg/secring.gpg
+ The secret keyring. You should backup this file.
+
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
+ @item ~/.gnupg/pubring.gpg
+ The public keyring. You should backup this file.
+
+ @item ~/.gnupg/pubring.gpg.lock
+ The lock file for the public keyring.
+
+ @item ~/.gnupg/trustdb.gpg
+ The trust database. There is no need to backup this file; it is better
+ to backup the ownertrust values (@pxref{option --export-ownertrust}).
+
+ @item ~/.gnupg/trustdb.gpg.lock
+ The lock file for the trust database.
+
+ @item ~/.gnupg/random_seed
+ A file used to preserve the state of the internal random pool.
+
+ @item /usr[/local]/share/gnupg/options.skel
+ The skeleton options file.
+
+ @item /usr[/local]/lib/gnupg/
+ Default location for extensions.
+
+@end table
+
+@c man:.RE
+Operation is further controlled by a few environment variables:
+
+@table @asis
+
+ @item HOME
+ Used to locate the default home directory.
+
+ @item GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+ @item GPG_AGENT_INFO
+ Used to locate the gpg-agent.
+ @ifset gpgone
+ This is only honored when @option{--use-agent} is set.
+ @end ifset
+ The value consists of 3 colon delimited fields: The first is the path
+ to the Unix Domain Socket, the second the PID of the gpg-agent and the
+ protocol version which should be set to 1. When starting the gpg-agent
+ as described in its documentation, this variable is set to the correct
+ value. The option @option{--gpg-agent-info} can be used to override it.
+
+ @item PINENTRY_USER_DATA
+ This value is passed via gpg-agent to pinentry. It is useful to convey
+ extra information to a custom pinentry.
+
+ @item COLUMNS
+ @itemx LINES
+ Used to size some displays to the full size of the screen.
+
+
+ @item LANGUAGE
+ Apart from its use by GNU, it is used in the W32 version to override the
+ language selection done through the Registry. If used and set to a
+ valid and available language name (@var{langid}), the file with the
+ translation is loaded from
+
+ @code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the
+ directory out of which the gpg binary has been loaded. If it can't be
+ loaded the Registry is tried and as last resort the native Windows
+ locale system is used.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** EXAMPLES ****************
+@c *************** ****************
+@c *******************************************
+@mansect examples
+@node GPG Examples
+@section Examples
+
+@table @asis
+
+@item gpg -se -r @code{Bob} @code{file}
+sign and encrypt for user Bob
+
+@item gpg --clearsign @code{file}
+make a clear text signature
+
+@item gpg -sb @code{file}
+make a detached signature
+
+@item gpg -u 0x12345678 -sb @code{file}
+make a detached signature with the key 0x12345678
+
+@item gpg --list-keys @code{user_ID}
+show keys
+
+@item gpg --fingerprint @code{user_ID}
+show fingerprint
+
+@item gpg --verify @code{pgpfile}
+@itemx gpg --verify @code{sigfile}
+Verify the signature of the file but do not output the data. The
+second form is used for detached signatures, where @code{sigfile}
+is the detached signature (either ASCII armored or binary) and
+are the signed data; if this is not given, the name of
+the file holding the signed data is constructed by cutting off the
+extension (".asc" or ".sig") of @code{sigfile} or by asking the
+user for the filename.
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** USER ID ****************
+@c *************** ****************
+@c *******************************************
+@mansect how to specify a user id
+@ifset isman
+@include specify-user-id.texi
+@end ifset
+
+@mansect return value
+@chapheading RETURN VALUE
+
+The program returns 0 if everything was fine, 1 if at least
+a signature was bad, and other error codes for fatal errors.
+
+@mansect warnings
+@chapheading WARNINGS
+
+Use a *good* password for your user account and a *good* passphrase
+to protect your secret key. This passphrase is the weakest part of the
+whole system. Programs to do dictionary attacks on your secret keyring
+are very easy to write and so you should protect your "~/.gnupg/"
+directory very well.
+
+Keep in mind that, if this program is used over a network (telnet), it
+is *very* easy to spy out your passphrase!
+
+If you are going to verify detached signatures, make sure that the
+program knows about it; either give both filenames on the command line
+or use @samp{-} to specify STDIN.
+
+@mansect interoperability
+@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
+
+GnuPG tries to be a very flexible implementation of the OpenPGP
+standard. In particular, GnuPG implements many of the optional parts
+of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
+compression algorithms. It is important to be aware that not all
+OpenPGP programs implement these optional algorithms and that by
+forcing their use via the @option{--cipher-algo},
+@option{--digest-algo}, @option{--cert-digest-algo}, or
+@option{--compress-algo} options in GnuPG, it is possible to create a
+perfectly valid OpenPGP message, but one that cannot be read by the
+intended recipient.
+
+There are dozens of variations of OpenPGP programs available, and each
+supports a slightly different subset of these optional algorithms.
+For example, until recently, no (unhacked) version of PGP supported
+the BLOWFISH cipher algorithm. A message using BLOWFISH simply could
+not be read by a PGP user. By default, GnuPG uses the standard
+OpenPGP preferences system that will always do the right thing and
+create messages that are usable by all recipients, regardless of which
+OpenPGP program they use. Only override this safe default if you
+really know what you are doing.
+
+If you absolutely must override the safe default, or if the preferences
+on a given key are invalid for some reason, you are far better off using
+the @option{--pgp6}, @option{--pgp7}, or @option{--pgp8} options. These
+options are safe as they do not force any particular algorithms in
+violation of OpenPGP, but rather reduce the available algorithms to a
+"PGP-safe" list.
+
+@mansect bugs
+@chapheading BUGS
+
+On older systems this program should be installed as setuid(root). This
+is necessary to lock memory pages. Locking memory pages prevents the
+operating system from writing memory pages (which may contain
+passphrases or other sensitive material) to disk. If you get no
+warning message about insecure memory your operating system supports
+locking without being root. The program drops root privileges as soon
+as locked memory is allocated.
+
+Note also that some systems (especially laptops) have the ability to
+``suspend to disk'' (also known as ``safe sleep'' or ``hibernate'').
+This writes all memory to disk before going into a low power or even
+powered off mode. Unless measures are taken in the operating system
+to protect the saved memory, passphrases or other sensitive material
+may be recoverable from it later.
+
+Before you report a bug you should first search the mailing list
+archives for similar problems and second check whether such a bug has
+already been reported to our bug tracker at http://bugs.gnupg.org .
+
+@c *******************************************
+@c *************** **************
+@c *************** UNATTENDED **************
+@c *************** **************
+@c *******************************************
+@manpause
+@node Unattended Usage of GPG
+@section Unattended Usage
+
+@command{gpg} is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. The options @option{--status-fd} and @option{--batch}
+are almost always required for this.
+
+@menu
+* Unattended GPG key generation:: Unattended key generation
+@end menu
+
+
+@node Unattended GPG key generation,,,Unattended Usage of GPG
+@section Unattended key generation
+
+The command @option{--gen-key} may be used along with the option
+@option{--batch} for unattended key generation. The parameters are
+either read from stdin or given as a file on the command line.
+The format of the parameter file is as follows:
+
+@itemize @bullet
+ @item Text only, line length is limited to about 1000 characters.
+ @item UTF-8 encoding must be used to specify non-ASCII characters.
+ @item Empty lines are ignored.
+ @item Leading and trailing while space is ignored.
+ @item A hash sign as the first non white space character indicates
+ a comment line.
+ @item Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ @item Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ @item
+ The first parameter must be @samp{Key-Type}; control statements may be
+ placed anywhere.
+ @item
+ The order of the parameters does not matter except for @samp{Key-Type}
+ which must be the first parameter. The parameters are only used for
+ the generated keyblock (primary and subkeys); parameters from previous
+ sets are not used. Some syntactically checks may be performed.
+ @item
+ Key generation takes place when either the end of the parameter file
+ is reached, the next @samp{Key-Type} parameter is encountered or at the
+ control statement @samp{%commit} is encountered.
+@end itemize
+
+@noindent
+Control statements:
+
+@table @asis
+
+@item %echo @var{text}
+Print @var{text} as diagnostic.
+
+@item %dry-run
+Suppress actual key generation (useful for syntax checking).
+
+@item %commit
+Perform the key generation. Note that an implicit commit is done at
+the next @asis{Key-Type} parameter.
+
+@item %pubring @var{filename}
+@itemx %secring @var{filename}
+Do not write the key to the default or commandline given keyring but
+to @var{filename}. This must be given before the first commit to take
+place, duplicate specification of the same filename is ignored, the
+last filename before a commit is used. The filename is used until a
+new filename is used (at commit points) and all keys are written to
+that file. If a new filename is given, this file is created (and
+overwrites an existing one). For GnuPG versions prior to 2.1, both
+control statements must be given. For GnuPG 2.1 and later
+@samp{%secring} is a no-op.
+
+@item %ask-passphrase
+@itemx %no-ask-passphrase
+Enable (or disable) a mode where the command @option{passphrase} is
+ignored and instead the usual passphrase dialog is used. This does
+not make sense for batch key generation; however the unattended key
+generation feature is also used by GUIs and this feature relinquishes
+the GUI from implementing its own passphrase entry code. These are
+global control statements and affect all future key genrations.
+
+@item %no-protection
+Since GnuPG version 2.1 it is not anymore possible to specify a
+passphrase for unattended key generation. The passphrase command is
+simply ignored and @samp{%ask-passpharse} is thus implicitly enabled.
+Using this option allows the creation of keys without any passphrase
+protection. This option is mainly intended for regression tests.
+
+@item %transient-key
+If given the keys are created using a faster and a somewhat less
+secure random number generator. This option may be used for keys
+which are only used for a short time and do not require full
+cryptographic strength. It takes only effect if used together with
+the control statement @samp{%no-protection}.
+
+@end table
+
+@noindent
+General Parameters:
+
+@table @asis
+
+@item Key-Type: @var{algo}
+Starts a new parameter block by giving the type of the primary
+key. The algorithm must be capable of signing. This is a required
+parameter. @var{algo} may either be an OpenPGP algorithm number or a
+string with the algorithm name. The special value @samp{default} may
+be used for @var{algo} to create the default key type; in this case a
+@samp{Key-Usage} shall not be given and @samp{default} also be used
+for @samp{Subkey-Type}.
+
+@item Key-Length: @var{nbits}
+The requested length of the generated key in bits. The default is
+returned by running the command @samp{gpg2 --gpgconf-list}.
+
+@item Key-Grip: @var{hexstring}
+This is optional and used to generate a CSR or certificate for an
+already existing key. Key-Length will be ignored when given.
+
+@item Key-Usage: @var{usage-list}
+Space or comma delimited list of key usages. Allowed values are
+@samp{encrypt}, @samp{sign}, and @samp{auth}. This is used to
+generate the key flags. Please make sure that the algorithm is
+capable of this usage. Note that OpenPGP requires that all primary
+keys are capable of certification, so no matter what usage is given
+here, the @samp{cert} flag will be on. If no @samp{Key-Usage} is
+specified and the @samp{Key-Type} is not @samp{default}, all allowed
+usages for that particular algorithm are used; if it is not given but
+@samp{default} is used the usage will be @samp{sign}.
+
+@item Subkey-Type: @var{algo}
+This generates a secondary key (subkey). Currently only one subkey
+can be handled. See also @samp{Key-Type} above.
+
+@item Subkey-Length: @var{nbits}
+Length of the secondary key (subkey) in bits. The default is returned
+by running the command @samp{gpg2 --gpgconf-list}".
+
+@item Subkey-Usage: @var{usage-list}
+Key usage lists for a subkey; similar to @samp{Key-Usage}.
+
+@item Passphrase: @var{string}
+If you want to specify a passphrase for the secret key,
+enter it here. Default is not to use any passphrase.
+
+@item Name-Real: @var{name}
+@itemx Name-Comment: @var{comment}
+@itemx Name-Email: @var{email}
+The three parts of a user name. Remember to use UTF-8 encoding here.
+If you don't give any of them, no user ID is created.
+
+@item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y])
+Set the expiration date for the key (and the subkey). It may either
+be entered in ISO date format (2000-08-15) or as number of days,
+weeks, month or years. The special notation "seconds=N" is also
+allowed to directly give an Epoch value. Without a letter days are
+assumed. Note that there is no check done on the overflow of the type
+used by OpenPGP for timestamps. Thus you better make sure that the
+given value make sense. Although OpenPGP works with time intervals,
+GnuPG uses an absolute value internally and thus the last year we can
+represent is 2105.
+
+@item Ceation-Date: @var{iso-date}
+Set the creation date of the key as stored in the key information and
+which is also part of the fingerprint calculation. Either a date like
+"1986-04-26" or a full timestamp like "19860426T042640" may be used.
+The time is considered to be UTC. If it is not given the current time
+is used.
+
+@item Preferences: @var{string}
+Set the cipher, hash, and compression preference values for this key.
+This expects the same type of string as the sub-command @samp{setpref}
+in the @option{--edit-key} menu.
+
+@item Revoker: @var{algo}:@var{fpr} [sensitive]
+Add a designated revoker to the generated key. Algo is the public key
+algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
+@var{fpr} is the fingerprint of the designated revoker. The optional
+@samp{sensitive} flag marks the designated revoker as sensitive
+information. Only v4 keys may be designated revokers.
+
+@item Keyserver: @var{string}
+This is an optional parameter that specifies the preferred keyserver
+URL for the key.
+
+@item Handle: @var{string}
+This is an optional parameter only used with the status lines
+KEY_CREATED and KEY_NOT_CREATED. @var{string} may be up to 100
+characters and should not contain spaces. It is useful for batch key
+generation to associate a key parameter block with a status line.
+
+@end table
+
+@noindent
+Here is an example on how to create a key:
+@smallexample
+$ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg2 --batch --gen-key foo
+ [...]
+$ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+@end smallexample
+
+
+@noindent
+If you want to create a key with the default algorithms you would use
+these parameters:
+@smallexample
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+@end smallexample
+
+
+
+
+@mansect see also
+@ifset isman
+@command{gpgv}(1),
+@ifclear gpgone
+@command{gpgsm}(1),
+@command{gpg-agent}(1)
+@end ifclear
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
new file mode 100644
index 0000000..bdb0378
--- /dev/null
+++ b/doc/gpgsm.texi
@@ -0,0 +1,1458 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Invoking GPGSM
+@chapter Invoking GPGSM
+@cindex GPGSM command options
+@cindex command options
+@cindex options, GPGSM command
+
+@manpage gpgsm.1
+@ifset manverb
+.B gpgsm
+\- CMS encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgsm
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+
+
+@mansect description
+@command{gpgsm} is a tool similar to @command{gpg} to provide digital
+encryption and signing services on X.509 certificates and the CMS
+protocol. It is mainly used as a backend for S/MIME mail processing.
+@command{gpgsm} includes a full featured certificate management and
+complies with all rules defined for the German Sphinx project.
+
+@manpause
+@xref{Option Index}, for an index to @command{GPGSM}'s commands and options.
+@mancont
+
+@menu
+* GPGSM Commands:: List of all commands.
+* GPGSM Options:: List of all options.
+* GPGSM Configuration:: Configuration files.
+* GPGSM Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage:: Using @command{gpgsm} from other programs.
+* GPGSM Protocol:: The protocol the server mode uses.
+@end menu
+
+@c *******************************************
+@c *************** ****************
+@c *************** COMMANDS ****************
+@c *************** ****************
+@c *******************************************
+@mansect commands
+@node GPGSM Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@menu
+* General GPGSM Commands:: Commands not specific to the functionality.
+* Operational GPGSM Commands:: Commands to select the type of operation.
+* Certificate Management:: How to manage certificates.
+@end menu
+
+
+@c *******************************************
+@c ********** GENERAL COMMANDS *************
+@c *******************************************
+@node General GPGSM Commands
+@subsection Commands not specific to the function
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you
+cannot abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --warranty
+@opindex warranty
+Print warranty information. Note that you cannot abbreviate this
+command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+@end table
+
+
+@c *******************************************
+@c ******** OPERATIONAL COMMANDS ***********
+@c *******************************************
+@node Operational GPGSM Commands
+@subsection Commands to select the type of operation
+
+@table @gnupgtabopt
+@item --encrypt
+@opindex encrypt
+Perform an encryption. The keys the data is encrypted too must be set
+using the option @option{--recipient}.
+
+@item --decrypt
+@opindex decrypt
+Perform a decryption; the type of input is automatically determined. It
+may either be in binary form or PEM encoded; automatic determination of
+base-64 encoding is not done.
+
+@item --sign
+@opindex sign
+Create a digital signature. The key used is either the fist one found
+in the keybox or those set with the @option{--local-user} option.
+
+@item --verify
+@opindex verify
+Check a signature file for validity. Depending on the arguments a
+detached signature may also be checked.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}.
+
+@item --call-dirmngr @var{command} [@var{args}]
+@opindex call-dirmngr
+Behave as a Dirmngr client issuing the request @var{command} with the
+optional list of @var{args}. The output of the Dirmngr is printed
+stdout. Please note that file names given as arguments should have an
+absolute file name (i.e. commencing with @code{/} because they are
+passed verbatim to the Dirmngr and the working directory of the
+Dirmngr might not be the same as the one of this client. Currently it
+is not possible to pass data via stdin to the Dirmngr. @var{command}
+should not contain spaces.
+
+This is command is required for certain maintaining tasks of the dirmngr
+where a dirmngr must be able to call back to @command{gpgsm}. See the Dirmngr
+manual for details.
+
+@item --call-protect-tool @var{arguments}
+@opindex call-protect-tool
+Certain maintenance operations are done by an external program call
+@command{gpg-protect-tool}; this is usually not installed in a directory
+listed in the PATH variable. This command provides a simple wrapper to
+access this tool. @var{arguments} are passed verbatim to this command;
+use @samp{--help} to get a list of supported operations.
+
+
+@end table
+
+
+@c *******************************************
+@c ******* CERTIFICATE MANAGEMENT **********
+@c *******************************************
+@node Certificate Management
+@subsection How to manage the certificates and keys
+
+@table @gnupgtabopt
+@item --gen-key
+@opindex gen-key
+@ifclear gpgtwoone
+-This command allows the creation of a certificate signing request. It
+-is commonly used along with the @option{--output} option to save the
+-created CSR into a file. If used with the @option{--batch} a parameter
+-file is used to create the CSR.
+@end ifclear
+@ifset gpgtwoone
+This command allows the creation of a certificate signing request or a
+self-signed certificate. It is commonly used along with the
+@option{--output} option to save the created CSR or certificate into a
+file. If used with the @option{--batch} a parameter file is used to
+create the CSR or certificate and it is further possible to create
+non-self-signed certificates.
+@end ifset
+
+@item --list-keys
+@itemx -k
+@opindex list-keys
+List all available certificates stored in the local key database.
+Note that the displayed data might be reformatted for better human
+readability and illegal characters are replaced by safe substitutes.
+
+@item --list-secret-keys
+@itemx -K
+@opindex list-secret-keys
+List all available certificates for which a corresponding a secret key
+is available.
+
+@item --list-external-keys @var{pattern}
+@opindex list-keys
+List certificates matching @var{pattern} using an external server. This
+utilizes the @code{dirmngr} service.
+
+@item --list-chain
+@opindex list-chain
+Same as @option{--list-keys} but also prints all keys making up the chain.
+
+
+@item --dump-cert
+@itemx --dump-keys
+@opindex dump-cert
+@opindex dump-keys
+List all available certificates stored in the local key database using a
+format useful mainly for debugging.
+
+@item --dump-chain
+@opindex dump-chain
+Same as @option{--dump-keys} but also prints all keys making up the chain.
+
+@item --dump-secret-keys
+@opindex dump-secret-keys
+List all available certificates for which a corresponding a secret key
+is available using a format useful mainly for debugging.
+
+@item --dump-external-keys @var{pattern}
+@opindex dump-external-keys
+List certificates matching @var{pattern} using an external server.
+This utilizes the @code{dirmngr} service. It uses a format useful
+mainly for debugging.
+
+@item --keydb-clear-some-cert-flags
+@opindex keydb-clear-some-cert-flags
+This is a debugging aid to reset certain flags in the key database
+which are used to cache certain certificate stati. It is especially
+useful if a bad CRL or a weird running OCSP responder did accidentally
+revoke certificate. There is no security issue with this command
+because @command{gpgsm} always make sure that the validity of a certificate is
+checked right before it is used.
+
+@item --delete-keys @var{pattern}
+@opindex delete-keys
+Delete the keys matching @var{pattern}. Note that there is no command
+to delete the secret part of the key directly. In case you need to do
+this, you should run the command @code{gpgsm --dump-secret-keys KEYID}
+before you delete the key, copy the string of hex-digits in the
+``keygrip'' line and delete the file consisting of these hex-digits
+and the suffix @code{.key} from the @file{private-keys-v1.d} directory
+below our GnuPG home directory (usually @file{~/.gnupg}).
+
+@item --export [@var{pattern}]
+@opindex export
+Export all certificates stored in the Keybox or those specified by the
+optional @var{pattern}. Those pattern consist of a list of user ids
+(@pxref{how-to-specify-a-user-id}). When used along with the
+@option{--armor} option a few informational lines are prepended before
+each block. There is one limitation: As there is no commonly agreed
+upon way to pack more than one certificate into an ASN.1 structure,
+the binary export (i.e. without using @option{armor}) works only for
+the export of one certificate. Thus it is required to specify a
+@var{pattern} which yields exactly one certificate. Ephemeral
+certificate are only exported if all @var{pattern} are given as
+fingerprints or keygrips.
+
+@item --export-secret-key-p12 @var{key-id}
+@opindex export
+Export the private key and the certificate identified by @var{key-id} in
+a PKCS#12 format. When using along with the @code{--armor} option a few
+informational lines are prepended to the output. Note, that the PKCS#12
+format is not very secure and this command is only provided if there is
+no other way to exchange the private key. (@pxref{option --p12-charset})
+
+@item --import [@var{files}]
+@opindex import
+Import the certificates from the PEM or binary encoded files as well as
+from signed-only messages. This command may also be used to import a
+secret key from a PKCS#12 file.
+
+@item --learn-card
+@opindex learn-card
+Read information about the private keys from the smartcard and import
+the certificates from there. This command utilizes the @command{gpg-agent}
+and in turn the @command{scdaemon}.
+
+@item --passwd @var{user_id}
+@opindex passwd
+Change the passphrase of the private key belonging to the certificate
+specified as @var{user_id}. Note, that changing the passphrase/PIN of a
+smartcard is not yet supported.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** OPTIONS ****************
+@c *************** ****************
+@c *******************************************
+@mansect options
+@node GPGSM Options
+@section Option Summary
+
+@command{GPGSM} features a bunch of options to control the exact behaviour
+and to change the default configuration.
+
+@menu
+* Configuration Options:: How to change the configuration.
+* Certificate Options:: Certificate related options.
+* Input and Output:: Input and Output.
+* CMS Options:: How to change how the CMS is created.
+* Esoteric Options:: Doing things one usually do not want to do.
+@end menu
+
+
+@c *******************************************
+@c ******** CONFIGURATION OPTIONS **********
+@c *******************************************
+@node Configuration Options
+@subsection How to change the configuration
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+@table @gnupgtabopt
+
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{gpgsm.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item --policy-file @var{filename}
+@opindex policy-file
+Change the default name of the policy file to @var{filename}.
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/local/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+
+@item --dirmngr-program @var{file}
+@opindex dirmnr-program
+Specify a dirmngr program to be used for @acronym{CRL} checks. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+
+@item --prefer-system-dirmngr
+@opindex prefer-system-dirmngr
+If a system wide @command{dirmngr} is running in daemon mode, first try
+to connect to this one. Fallback to a pipe based server if this does
+not work. Under Windows this option is ignored because the system dirmngr is
+always used.
+
+@item --disable-dirmngr
+Entirely disable the use of the Dirmngr.
+
+@item --no-secmem-warning
+@opindex no-secmem-warning
+Do not print a warning when the so called "secure memory" cannot be used.
+
+@item --log-file @var{file}
+@opindex log-file
+When running in server mode, append all logging output to @var{file}.
+
+@end table
+
+
+@c *******************************************
+@c ******** CERTIFICATE OPTIONS ************
+@c *******************************************
+@node Certificate Options
+@subsection Certificate related options
+
+@table @gnupgtabopt
+
+@item --enable-policy-checks
+@itemx --disable-policy-checks
+@opindex enable-policy-checks
+@opindex disable-policy-checks
+By default policy checks are enabled. These options may be used to
+change it.
+
+@item --enable-crl-checks
+@itemx --disable-crl-checks
+@opindex enable-crl-checks
+@opindex disable-crl-checks
+By default the @acronym{CRL} checks are enabled and the DirMngr is used
+to check for revoked certificates. The disable option is most useful
+with an off-line network connection to suppress this check.
+
+@item --enable-trusted-cert-crl-check
+@itemx --disable-trusted-cert-crl-check
+@opindex enable-trusted-cert-crl-check
+@opindex disable-trusted-cert-crl-check
+By default the @acronym{CRL} for trusted root certificates are checked
+like for any other certificates. This allows a CA to revoke its own
+certificates voluntary without the need of putting all ever issued
+certificates into a CRL. The disable option may be used to switch this
+extra check off. Due to the caching done by the Dirmngr, there will not be
+any noticeable performance gain. Note, that this also disables possible
+OCSP checks for trusted root certificates. A more specific way of
+disabling this check is by adding the ``relax'' keyword to the root CA
+line of the @file{trustlist.txt}
+
+
+@item --force-crl-refresh
+@opindex force-crl-refresh
+Tell the dirmngr to reload the CRL for each request. For better
+performance, the dirmngr will actually optimize this by suppressing
+the loading for short time intervals (e.g. 30 minutes). This option
+is useful to make sure that a fresh CRL is available for certificates
+hold in the keybox. The suggested way of doing this is by using it
+along with the option @option{--with-validation} for a key listing
+command. This option should not be used in a configuration file.
+
+@item --enable-ocsp
+@itemx --disable-ocsp
+@opindex enable-ocsp
+@opindex disable-ocsp
+By default @acronym{OCSP} checks are disabled. The enable option may
+be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
+are also enabled, CRLs will be used as a fallback if for some reason an
+OCSP request will not succeed. Note, that you have to allow OCSP
+requests in Dirmngr's configuration too (option
+@option{--allow-ocsp}) and configure Dirmngr properly. If you do not do
+so you will get the error code @samp{Not supported}.
+
+@item --auto-issuer-key-retrieve
+@opindex auto-issuer-key-retrieve
+If a required certificate is missing while validating the chain of
+certificates, try to load that certificate from an external location.
+This usually means that Dirmngr is employed to search for the
+certificate. Note that this option makes a "web bug" like behavior
+possible. LDAP server operators can see which keys you request, so by
+sending you a message signed by a brand new key (which you naturally
+will not have on your local keybox), the operator can tell both your IP
+address and the time when you verified the signature.
+
+
+@item --validation-model @var{name}
+@opindex validation-model
+This option changes the default validation model. The only possible
+values are "shell" (which is the default), "chain" which forces the
+use of the chain model and "steed" for a new simplified model. The
+chain model is also used if an option in the @file{trustlist.txt} or
+an attribute of the certificate requests it. However the standard
+model (shell) is in that case always tried first.
+
+@item --ignore-cert-extension @var{oid}
+@opindex ignore-cert-extension
+Add @var{oid} to the list of ignored certificate extensions. The
+@var{oid} is expected to be in dotted decimal form, like
+@code{2.5.29.3}. This option may be used more than once. Critical
+flagged certificate extensions matching one of the OIDs in the list
+are treated as if they are actually handled and thus the certificate
+will not be rejected due to an unknown critical extension. Use this
+option with care because extensions are usually flagged as critical
+for a reason.
+
+@end table
+
+@c *******************************************
+@c *********** INPUT AND OUTPUT ************
+@c *******************************************
+@node Input and Output
+@subsection Input and Output
+
+@table @gnupgtabopt
+@item --armor
+@itemx -a
+@opindex armor
+Create PEM encoded output. Default is binary output.
+
+@item --base64
+@opindex base64
+Create Base-64 encoded output; i.e. PEM without the header lines.
+
+@item --assume-armor
+@opindex assume-armor
+Assume the input data is PEM encoded. Default is to autodetect the
+encoding but this is may fail.
+
+@item --assume-base64
+@opindex assume-base64
+Assume the input data is plain base-64 encoded.
+
+@item --assume-binary
+@opindex assume-binary
+Assume the input data is binary encoded.
+
+@anchor{option --p12-charset}
+@item --p12-charset @var{name}
+@opindex p12-charset
+@command{gpgsm} uses the UTF-8 encoding when encoding passphrases for
+PKCS#12 files. This option may be used to force the passphrase to be
+encoded in the specified encoding @var{name}. This is useful if the
+application used to import the key uses a different encoding and thus
+will not be able to import a file generated by @command{gpgsm}. Commonly
+used values for @var{name} are @code{Latin1} and @code{CP850}. Note
+that @command{gpgsm} itself automagically imports any file with a
+passphrase encoded to the most commonly used encodings.
+
+
+@item --default-key @var{user_id}
+@opindex default-key
+Use @var{user_id} as the standard key for signing. This key is used if
+no other key has been defined as a signing key. Note, that the first
+@option{--local-users} option also sets this key if it has not yet been
+set; however @option{--default-key} always overrides this.
+
+
+@item --local-user @var{user_id}
+@item -u @var{user_id}
+@opindex local-user
+Set the user(s) to be used for signing. The default is the first
+secret key found in the database.
+
+
+@item --recipient @var{name}
+@itemx -r
+@opindex recipient
+Encrypt to the user id @var{name}. There are several ways a user id
+may be given (@pxref{how-to-specify-a-user-id}).
+
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}. The default is to write it to stdout.
+
+
+@item --with-key-data
+@opindex with-key-data
+Displays extra information with the @code{--list-keys} commands. Especially
+a line tagged @code{grp} is printed which tells you the keygrip of a
+key. This string is for example used as the file name of the
+secret key.
+
+@item --with-validation
+@opindex with-validation
+When doing a key listing, do a full validation check for each key and
+print the result. This is usually a slow operation because it
+requires a CRL lookup and other operations.
+
+When used along with --import, a validation of the certificate to
+import is done and only imported if it succeeds the test. Note that
+this does not affect an already available certificate in the DB.
+This option is therefore useful to simply verify a certificate.
+
+
+@item --with-md5-fingerprint
+For standard key listings, also print the MD5 fingerprint of the
+certificate.
+
+@item --with-keygrip
+Include the keygrip in standard key listings. Note that the keygrip is
+always listed in --with-colons mode.
+
+@end table
+
+@c *******************************************
+@c ************* CMS OPTIONS ***************
+@c *******************************************
+@node CMS Options
+@subsection How to change how the CMS is created.
+
+@table @gnupgtabopt
+@item --include-certs @var{n}
+@opindex include-certs
+Using @var{n} of -2 includes all certificate except for the root cert,
+-1 includes all certs, 0 does not include any certs, 1 includes only the
+signers cert and all other positive values include up to @var{n}
+certificates starting with the signer cert. The default is -2.
+
+@item --cipher-algo @var{oid}
+@opindex cipher-algo
+Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
+encryption. For convenience the strings @code{3DES}, @code{AES} and
+@code{AES256} may be used instead of their OIDs. The default is
+@code{3DES} (1.2.840.113549.3.7).
+
+@item --digest-algo @code{name}
+Use @code{name} as the message digest algorithm. Usually this
+algorithm is deduced from the respective signing certificate. This
+option forces the use of the given algorithm and may lead to severe
+interoperability problems.
+
+@end table
+
+
+
+@c *******************************************
+@c ******** ESOTERIC OPTIONS ***************
+@c *******************************************
+@node Esoteric Options
+@subsection Doing things one usually do not want to do.
+
+
+@table @gnupgtabopt
+
+@item --extra-digest-algo @var{name}
+@opindex extra-digest-algo
+Sometimes signatures are broken in that they announce a different digest
+algorithm than actually used. @command{gpgsm} uses a one-pass data
+processing model and thus needs to rely on the announced digest
+algorithms to properly hash the data. As a workaround this option may
+be used to tell gpg to also hash the data using the algorithm
+@var{name}; this slows processing down a little bit but allows to verify
+such broken signatures. If @command{gpgsm} prints an error like
+``digest algo 8 has not been enabled'' you may want to try this option,
+with @samp{SHA256} for @var{name}.
+
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
+@item --with-ephemeral-keys
+@opindex with-ephemeral-keys
+Include ephemeral flagged keys in the output of key listings. Note
+that they are included anyway if the key specification for a listing
+is given as fingerprint or keygrip.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or by a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change
+at any time without notice; using @code{--debug-levels} is the
+preferred method to select the debug verbosity. FLAGS are bit encoded
+and may be given in usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+X.509 or OpenPGP protocol related data
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol
+@end table
+
+Note, that all flags set using this option may get overridden by
+@code{--debug-level}.
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-allow-core-dump
+@opindex debug-allow-core-dump
+Usually @command{gpgsm} tries to avoid dumping core by well written code and by
+disabling core dumps for security reasons. However, bugs are pretty
+durable beasts and to squash them it is sometimes useful to have a core
+dump. This option enables core dumps unless the Bad Thing happened
+before the option parsing.
+
+@item --debug-no-chain-validation
+@opindex debug-no-chain-validation
+This is actually not a debugging option but only useful as such. It
+lets @command{gpgsm} bypass all certificate chain validation checks.
+
+@item --debug-ignore-expiration
+@opindex debug-ignore-expiration
+This is actually not a debugging option but only useful as such. It
+lets @command{gpgsm} ignore all notAfter dates, this is used by the regression
+tests.
+
+@item --fixed-passphrase @var{string}
+@opindex fixed-passphrase
+Supply the passphrase @var{string} to the gpg-protect-tool. This
+option is only useful for the regression tests included with this
+package and may be revised or removed at any time without notice.
+
+@item --no-common-certs-import
+@opindex no-common-certs-import
+Suppress the import of common certificates on keybox creation.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+@c *******************************************
+@c *************** ****************
+@c *************** USER ID ****************
+@c *************** ****************
+@c *******************************************
+@mansect how to specify a user id
+@ifset isman
+@include specify-user-id.texi
+@end ifset
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node GPGSM Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{gpgsm}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+@item gpgsm.conf
+@cindex gpgsm.conf
+This is the standard configuration file read by @command{gpgsm} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+name may be changed on the command line (@pxref{option
+ --options}). You should backup this file.
+
+
+@item policies.txt
+@cindex policies.txt
+This is a list of allowed CA policies. This file should list the
+object identifiers of the policies line by line. Empty lines and
+lines starting with a hash mark are ignored. Policies missing in this
+file and not marked as critical in the certificate will print only a
+warning; certificates with policies marked as critical and not listed
+in this file will fail the signature verification. You should backup
+this file.
+
+For example, to allow only the policy 2.289.9.9, the file should look
+like this:
+
+@c man:.RS
+@example
+# Allowed policies
+2.289.9.9
+@end example
+@c man:.RE
+
+@item qualified.txt
+@cindex qualified.txt
+This is the list of root certificates used for qualified certificates.
+They are defined as certificates capable of creating legally binding
+signatures in the same way as handwritten signatures are. Comments
+start with a hash mark and empty lines are ignored. Lines do have a
+length limit but this is not a serious limitation as the format of the
+entries is fixed and checked by gpgsm: A non-comment line starts with
+optional whitespace, followed by exactly 40 hex character, white space
+and a lowercased 2 letter country code. Additional data delimited with
+by a white space is current ignored but might late be used for other
+purposes.
+
+Note that even if a certificate is listed in this file, this does not
+mean that the certificate is trusted; in general the certificates listed
+in this file need to be listed also in @file{trustlist.txt}.
+
+This is a global file an installed in the data directory
+(e.g. @file{/usr/share/gnupg/qualified.txt}). GnuPG installs a suitable
+file with root certificates as used in Germany. As new Root-CA
+certificates may be issued over time, these entries may need to be
+updated; new distributions of this software should come with an updated
+list but it is still the responsibility of the Administrator to check
+that this list is correct.
+
+Everytime @command{gpgsm} uses a certificate for signing or verification
+this file will be consulted to check whether the certificate under
+question has ultimately been issued by one of these CAs. If this is the
+case the user will be informed that the verified signature represents a
+legally binding (``qualified'') signature. When creating a signature
+using such a certificate an extra prompt will be issued to let the user
+confirm that such a legally binding signature shall really be created.
+
+Because this software has not yet been approved for use with such
+certificates, appropriate notices will be shown to indicate this fact.
+
+@item help.txt
+@cindex help.txt
+This is plain text file with a few help entries used with
+@command{pinentry} as well as a large list of help items for
+@command{gpg} and @command{gpgsm}. The standard file has English help
+texts; to install localized versions use filenames like @file{help.LL.txt}
+with LL denoting the locale. GnuPG comes with a set of predefined help
+files in the data directory (e.g. @file{/usr/share/gnupg/help.de.txt})
+and allows overriding of any help item by help files stored in the
+system configuration directory (e.g. @file{/etc/gnupg/help.de.txt}).
+For a reference of the help file's syntax, please see the installed
+@file{help.txt} file.
+
+
+@item com-certs.pem
+@cindex com-certs.pem
+This file is a collection of common certificates used to populated a
+newly created @file{pubring.kbx}. An administrator may replace this
+file with a custom one. The format is a concatenation of PEM encoded
+X.509 certificates. This global file is installed in the data directory
+(e.g. @file{/usr/share/gnupg/com-certs.pem}).
+
+@end table
+
+@c man:.RE
+Note that on larger installations, it is useful to put predefined files
+into the directory @file{/etc/skel/.gnupg/} so that newly created users
+start up with a working configuration. For existing users a small
+helper script is provided to create these files (@pxref{addgnupghome}).
+
+For internal purposes gpgsm creates and maintains a few other files;
+they all live in in the current home directory (@pxref{option
+--homedir}). Only @command{gpgsm} may modify these files.
+
+
+@table @file
+@item pubring.kbx
+@cindex pubring.kbx
+This a database file storing the certificates as well as meta
+information. For debugging purposes the tool @command{kbxutil} may be
+used to show the internal structure of this file. You should backup
+this file.
+
+@item random_seed
+@cindex random_seed
+This content of this file is used to maintain the internal state of the
+random number generator across invocations. The same file is used by
+other programs of this software too.
+
+@item S.gpg-agent
+@cindex S.gpg-agent
+If this file exists and the environment variable @env{GPG_AGENT_INFO} is
+not set, @command{gpgsm} will first try to connect to this socket for
+accessing @command{gpg-agent} before starting a new @command{gpg-agent}
+instance. Under Windows this socket (which in reality be a plain file
+describing a regular TCP listening port) is the standard way of
+connecting the @command{gpg-agent}.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** EXAMPLES ****************
+@c *************** ****************
+@c *******************************************
+@mansect examples
+@node GPGSM Examples
+@section Examples
+
+@example
+$ gpgsm -er goo@@bar.net <plaintext >ciphertext
+@end example
+
+
+@c *******************************************
+@c *************** **************
+@c *************** UNATTENDED **************
+@c *************** **************
+@c *******************************************
+@manpause
+@node Unattended Usage
+@section Unattended Usage
+
+@command{gpgsm} is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. This is most likely used with the @code{--server} command
+but may also be used in the standard operation mode by using the
+@code{--status-fd} option.
+
+@menu
+* Automated signature checking:: Automated signature checking.
+* CSR and certificate creation:: CSR and certificate creation.
+@end menu
+
+@node Automated signature checking,,,Unattended Usage
+@section Automated signature checking
+
+It is very important to understand the semantics used with signature
+verification. Checking a signature is not as simple as it may sound and
+so the operation is a bit complicated. In most cases it is required
+to look at several status lines. Here is a table of all cases a signed
+message may have:
+
+@table @asis
+@item The signature is valid
+This does mean that the signature has been successfully verified, the
+certificates are all sane. However there are two subcases with
+important information: One of the certificates may have expired or a
+signature of a message itself as expired. It is a sound practise to
+consider such a signature still as valid but additional information
+should be displayed. Depending on the subcase @command{gpgsm} will issue
+these status codes:
+ @table @asis
+ @item signature valid and nothing did expire
+ @code{GOODSIG}, @code{VALIDSIG}, @code{TRUST_FULLY}
+ @item signature valid but at least one certificate has expired
+ @code{EXPKEYSIG}, @code{VALIDSIG}, @code{TRUST_FULLY}
+ @item signature valid but expired
+ @code{EXPSIG}, @code{VALIDSIG}, @code{TRUST_FULLY}
+ Note, that this case is currently not implemented.
+ @end table
+
+@item The signature is invalid
+This means that the signature verification failed (this is an indication
+of af a transfer error, a program error or tampering with the message).
+@command{gpgsm} issues one of these status codes sequences:
+ @table @code
+ @item @code{BADSIG}
+ @item @code{GOODSIG}, @code{VALIDSIG} @code{TRUST_NEVER}
+ @end table
+
+@item Error verifying a signature
+For some reason the signature could not be verified, i.e. it cannot be
+decided whether the signature is valid or invalid. A common reason for
+this is a missing certificate.
+
+@end table
+
+@node CSR and certificate creation,,,Unattended Usage
+@section CSR and certificate creation
+
+@ifclear gpgtwoone
+@strong{Please notice}: The immediate creation of certificates is only
+supported by GnuPG version 2.1 or later. With a 2.0 version you may
+only create a CSR.
+@end ifclear
+
+The command @option{--gen-key} may be used along with the option
+@option{--batch} to either create a certificate signing request (CSR)
+or an X.509 certificate. The is controlled by a parameter file; the
+format of this file is as follows:
+
+@itemize @bullet
+@item Text only, line length is limited to about 1000 characters.
+@item UTF-8 encoding must be used to specify non-ASCII characters.
+@item Empty lines are ignored.
+@item Leading and trailing while space is ignored.
+@item A hash sign as the first non white space character indicates
+a comment line.
+@item Control statements are indicated by a leading percent sign, the
+arguments are separated by white space from the keyword.
+@item Parameters are specified by a keyword, followed by a colon. Arguments
+are separated by white space.
+@item The first parameter must be @samp{Key-Type}, control statements
+may be placed anywhere.
+@item
+The order of the parameters does not matter except for @samp{Key-Type}
+which must be the first parameter. The parameters are only used for
+the generated CSR/certificate; parameters from previous sets are not
+used. Some syntactically checks may be performed.
+@item
+Key generation takes place when either the end of the parameter file
+is reached, the next @samp{Key-Type} parameter is encountered or at the
+control statement @samp{%commit} is encountered.
+@end itemize
+
+@noindent
+Control statements:
+
+@table @asis
+
+@item %echo @var{text}
+Print @var{text} as diagnostic.
+
+@item %dry-run
+Suppress actual key generation (useful for syntax checking).
+
+@item %commit
+Perform the key generation. Note that an implicit commit is done at
+the next @asis{Key-Type} parameter.
+
+@c %certfile <filename>
+@c [Not yet implemented!]
+@c Do not write the certificate to the keyDB but to <filename>.
+@c This must be given before the first
+@c commit to take place, duplicate specification of the same filename
+@c is ignored, the last filename before a commit is used.
+@c The filename is used until a new filename is used (at commit points)
+@c and all keys are written to that file. If a new filename is given,
+@c this file is created (and overwrites an existing one).
+@c Both control statements must be given.
+@end table
+
+@noindent
+General Parameters:
+
+@table @asis
+
+@item Key-Type: @var{algo}
+Starts a new parameter block by giving the type of the primary
+key. The algorithm must be capable of signing. This is a required
+parameter. The only supported value for @var{algo} is @samp{rsa}.
+
+@item Key-Length: @var{nbits}
+The requested length of a generated key in bits. Defaults to 2048.
+
+@item Key-Grip: @var{hexstring}
+This is optional and used to generate a CSR or certificatet for an
+already existing key. Key-Length will be ignored when given.
+
+@item Key-Usage: @var{usage-list}
+Space or comma delimited list of key usage, allowed values are
+@samp{encrypt}, @samp{sign} and @samp{cert}. This is used to generate
+the keyUsage extension. Please make sure that the algorithm is
+capable of this usage. Default is to allow encrypt and sign.
+
+@item Name-DN: @var{subject-name}
+This is the Distinguished Name (DN) of the subject in RFC-2253 format.
+
+@item Name-Email: @var{string}
+This is an email address for the altSubjectName. This parameter is
+optional but may occur several times to add several email addresses to
+a certificate.
+
+@item Name-DNS: @var{string}
+The is an DNS name for the altSubjectName. This parameter is optional
+but may occur several times to add several DNS names to a certificate.
+
+@item Name-URI: @var{string}
+This is an URI for the altSubjectName. This parameter is optional but
+may occur several times to add several URIs to a certificate.
+@end table
+
+@noindent
+Additional parameters used to create a certificate (in contrast to a
+certificate signing request):
+
+@table @asis
+
+@item Serial: @var{sn}
+If this parameter is given an X.509 certificate will be generated.
+@var{sn} is expected to be a hex string representing an unsigned
+integer of arbitary length. The special value @samp{random} can be
+used to create a 64 bit random serial number.
+
+@item Issuer-DN: @var{issuer-name}
+This is the DN name of the issuer in rfc2253 format. If it is not set
+it will default to the subject DN and a special GnuPG extension will
+be included in the certificate to mark it as a standalone certificate.
+
+@item Creation-Date: @var{iso-date}
+@itemx Not-Before: @var{iso-date}
+Set the notBefore date of the certificate. Either a date like
+@samp{1986-04-26} or @samp{1986-04-26 12:00} or a standard ISO
+timestamp like @samp{19860426T042640} may be used. The time is
+considered to be UTC. If it is not given the current date is used.
+
+@item Expire-Date: @var{iso-date}
+@itemx Not-After: @var{iso-date}
+Set the notAfter date of the certificate. Either a date like
+@samp{2063-04-05} or @samp{2063-04-05 17:00} or a standard ISO
+timestamp like @samp{20630405T170000} may be used. The time is
+considered to be UTC. If it is not given a default value in the not
+too far future is used.
+
+@item Signing-Key: @var{keygrip}
+This gives the keygrip of the key used to sign the certificate. If it
+is not given a self-signed certificate will be created. For
+compatibility with future versions, it is suggested to prefix the
+keygrip with a @samp{&}.
+
+@item Hash-Algo: @var{hash-algo}
+Use @var{hash-algo} for this CSR or certificate. The supported hash
+algorithms are: @samp{sha1}, @samp{sha256}, @samp{sha384} and
+@samp{sha512}; they may also be specified with uppercase letters. The
+default is @samp{sha1}.
+
+@end table
+
+@c *******************************************
+@c *************** *****************
+@c *************** ASSSUAN *****************
+@c *************** *****************
+@c *******************************************
+@node GPGSM Protocol
+@section The Protocol the Server Mode Uses.
+
+Description of the protocol used to access @command{GPGSM}.
+@command{GPGSM} does implement the Assuan protocol and in addition
+provides a regular command line interface which exhibits a full client
+to this protocol (but uses internal linking). To start
+@command{gpgsm} as a server the command line the option
+@code{--server} must be used. Additional options are provided to
+select the communication method (i.e. the name of the socket).
+
+We assume that the connection has already been established; see the
+Assuan manual for details.
+
+@menu
+* GPGSM ENCRYPT:: Encrypting a message.
+* GPGSM DECRYPT:: Decrypting a message.
+* GPGSM SIGN:: Signing a message.
+* GPGSM VERIFY:: Verifying a message.
+* GPGSM GENKEY:: Generating a key.
+* GPGSM LISTKEYS:: List available keys.
+* GPGSM EXPORT:: Export certificates.
+* GPGSM IMPORT:: Import certificates.
+* GPGSM DELETE:: Delete certificates.
+* GPGSM GETINFO:: Information about the process
+@end menu
+
+
+@node GPGSM ENCRYPT
+@subsection Encrypting a Message
+
+Before encryption can be done the recipient must be set using the
+command:
+
+@example
+ RECIPIENT @var{userID}
+@end example
+
+Set the recipient for the encryption. @var{userID} should be the
+internal representation of the key; the server may accept any other way
+of specification. If this is a valid and trusted recipient the server
+does respond with OK, otherwise the return is an ERR with the reason why
+the recipient cannot be used, the encryption will then not be done for
+this recipient. If the policy is not to encrypt at all if not all
+recipients are valid, the client has to take care of this. All
+@code{RECIPIENT} commands are cumulative until a @code{RESET} or an
+successful @code{ENCRYPT} command.
+
+@example
+ INPUT FD[=@var{n}] [--armor|--base64|--binary]
+@end example
+
+Set the file descriptor for the message to be encrypted to @var{n}.
+Obviously the pipe must be open at that point, the server establishes
+its own end. If the server returns an error the client should consider
+this session failed. If @var{n} is not given, this commands uses the
+last file descriptor passed to the application.
+@xref{fun-assuan_sendfd, ,the assuan_sendfd function,assuan,the Libassuan
+manual}, on how to do descriptor passing.
+
+The @code{--armor} option may be used to advice the server that the
+input data is in @acronym{PEM} format, @code{--base64} advices that a
+raw base-64 encoding is used, @code{--binary} advices of raw binary
+input (@acronym{BER}). If none of these options is used, the server
+tries to figure out the used encoding, but this may not always be
+correct.
+
+@example
+ OUTPUT FD[=@var{n}] [--armor|--base64]
+@end example
+
+Set the file descriptor to be used for the output (i.e. the encrypted
+message). Obviously the pipe must be open at that point, the server
+establishes its own end. If the server returns an error he client
+should consider this session failed.
+
+The option armor encodes the output in @acronym{PEM} format, the
+@code{--base64} option applies just a base 64 encoding. No option
+creates binary output (@acronym{BER}).
+
+The actual encryption is done using the command
+
+@example
+ ENCRYPT
+@end example
+
+It takes the plaintext from the @code{INPUT} command, writes to the
+ciphertext to the file descriptor set with the @code{OUTPUT} command,
+take the recipients from all the recipients set so far. If this command
+fails the clients should try to delete all output currently done or
+otherwise mark it as invalid. @command{GPGSM} does ensure that there
+will not be any
+security problem with leftover data on the output in this case.
+
+This command should in general not fail, as all necessary checks have
+been done while setting the recipients. The input and output pipes are
+closed.
+
+
+@node GPGSM DECRYPT
+@subsection Decrypting a message
+
+Input and output FDs are set the same way as in encryption, but
+@code{INPUT} refers to the ciphertext and output to the plaintext. There
+is no need to set recipients. @command{GPGSM} automatically strips any
+@acronym{S/MIME} headers from the input, so it is valid to pass an
+entire MIME part to the INPUT pipe.
+
+The encryption is done by using the command
+
+@example
+ DECRYPT
+@end example
+
+It performs the decrypt operation after doing some check on the internal
+state. (e.g. that all needed data has been set). Because it utilizes
+the GPG-Agent for the session key decryption, there is no need to ask
+the client for a protecting passphrase - GpgAgent takes care of this by
+requesting this from the user.
+
+
+@node GPGSM SIGN
+@subsection Signing a Message
+
+Signing is usually done with these commands:
+
+@example
+ INPUT FD[=@var{n}] [--armor|--base64|--binary]
+@end example
+
+This tells @command{GPGSM} to read the data to sign from file descriptor @var{n}.
+
+@example
+ OUTPUT FD[=@var{m}] [--armor|--base64]
+@end example
+
+Write the output to file descriptor @var{m}. If a detached signature is
+requested, only the signature is written.
+
+@example
+ SIGN [--detached]
+@end example
+
+Sign the data set with the INPUT command and write it to the sink set by
+OUTPUT. With @code{--detached}, a detached signature is created
+(surprise).
+
+The key used for signing is the default one or the one specified in
+the configuration file. To get finer control over the keys, it is
+possible to use the command
+
+@example
+ SIGNER @var{userID}
+@end example
+
+to the signer's key. @var{userID} should be the
+internal representation of the key; the server may accept any other way
+of specification. If this is a valid and trusted recipient the server
+does respond with OK, otherwise the return is an ERR with the reason why
+the key cannot be used, the signature will then not be created using
+this key. If the policy is not to sign at all if not all
+keys are valid, the client has to take care of this. All
+@code{SIGNER} commands are cumulative until a @code{RESET} is done.
+Note that a @code{SIGN} does not reset this list of signers which is in
+contrats to the @code{RECIPIENT} command.
+
+
+@node GPGSM VERIFY
+@subsection Verifying a Message
+
+To verify a mesage the command:
+
+@example
+ VERIFY
+@end example
+
+is used. It does a verify operation on the message send to the input FD.
+The result is written out using status lines. If an output FD was
+given, the signed text will be written to that. If the signature is a
+detached one, the server will inquire about the signed material and the
+client must provide it.
+
+@node GPGSM GENKEY
+@subsection Generating a Key
+
+This is used to generate a new keypair, store the secret part in the
+@acronym{PSE} and the public key in the key database. We will probably
+add optional commands to allow the client to select whether a hardware
+token is used to store the key. Configuration options to
+@command{GPGSM} can be used to restrict the use of this command.
+
+@example
+ GENKEY
+@end example
+
+@command{GPGSM} checks whether this command is allowed and then does an
+INQUIRY to get the key parameters, the client should then send the
+key parameters in the native format:
+
+@example
+ S: INQUIRE KEY_PARAM native
+ C: D foo:fgfgfg
+ C: D bar
+ C: END
+@end example
+
+Please note that the server may send Status info lines while reading the
+data lines from the client. After this the key generation takes place
+and the server eventually does send an ERR or OK response. Status lines
+may be issued as a progress indicator.
+
+
+@node GPGSM LISTKEYS
+@subsection List available keys
+
+To list the keys in the internal database or using an external key
+provider, the command:
+
+@example
+ LISTKEYS @var{pattern}
+@end example
+
+is used. To allow multiple patterns (which are ORed during the search)
+quoting is required: Spaces are to be translated into "+" or into "%20";
+in turn this requires that the usual escape quoting rules are done.
+
+@example
+ LISTSECRETKEYS @var{pattern}
+@end example
+
+Lists only the keys where a secret key is available.
+
+The list commands commands are affected by the option
+
+@example
+ OPTION list-mode=@var{mode}
+@end example
+
+where mode may be:
+@table @code
+@item 0
+Use default (which is usually the same as 1).
+@item 1
+List only the internal keys.
+@item 2
+List only the external keys.
+@item 3
+List internal and external keys.
+@end table
+
+Note that options are valid for the entire session.
+
+
+@node GPGSM EXPORT
+@subsection Export certificates
+
+To export certificate from the internal key database the command:
+
+@example
+ EXPORT [--data [--armor] [--base64]] [--] @var{pattern}
+@end example
+
+is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+If the @option{--data} option has not been given, the format of the
+output depends on what was set with the OUTPUT command. When using
+@acronym{PEM} encoding a few informational lines are prepended.
+
+If the @option{--data} has been given, a target set via OUTPUT is
+ignored and the data is returned inline using standard
+@code{D}-lines. This avoids the need for an extra file descriptor. In
+this case the options @option{--armor} and @option{--base64} may be used
+in the same way as with the OUTPUT command.
+
+
+@node GPGSM IMPORT
+@subsection Import certificates
+
+To import certificates into the internal key database, the command
+
+@example
+ IMPORT [--re-import]
+@end example
+
+is used. The data is expected on the file descriptor set with the
+@code{INPUT} command. Certain checks are performed on the
+certificate. Note that the code will also handle PKCS#12 files and
+import private keys; a helper program is used for that.
+
+With the option @option{--re-import} the input data is expected to a be
+a linefeed separated list of fingerprints. The command will re-import
+the corresponding certificates; that is they are made permanent by
+removing their ephemeral flag.
+
+
+@node GPGSM DELETE
+@subsection Delete certificates
+
+To delete a certificate the command
+
+@example
+ DELKEYS @var{pattern}
+@end example
+
+is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+The certificates must be specified unambiguously otherwise an error is
+returned.
+
+@node GPGSM GETINFO
+@subsection Return information about the process
+
+This is a multipurpose function to return a variety of information.
+
+@example
+GETINFO @var{what}
+@end example
+
+The value of @var{what} specifies the kind of information returned:
+@table @code
+@item version
+Return the version of the program.
+@item pid
+Return the process id of the process.
+@item agent-check
+Return success if the agent is running.
+@item cmd_has_option @var{cmd} @var{opt}
+Return success if the command @var{cmd} implements the option @var{opt}.
+The leading two dashes usually used with @var{opt} shall not be given.
+@end table
+
+@mansect see also
+@ifset isman
+@command{gpg2}(1),
+@command{gpg-agent}(1)
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
new file mode 100644
index 0000000..b6047f4
--- /dev/null
+++ b/doc/gpgv.texi
@@ -0,0 +1,163 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@c
+@c This is included by tools.texi.
+@c
+
+@c Begin GnuPG 1.x specific stuff
+@ifset gpgone
+@macro gpgvname
+gpgv
+@end macro
+@manpage gpgv.1
+@node gpgv
+@section Verify OpenPGP signatures
+@ifset manverb
+.B gpgv
+\- Verify OpenPGP signatures
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgv
+.RI [ options ]
+.I signed_files
+@end ifset
+@end ifset
+@c End GnuPG 1.x specific stuff
+
+@c Begin GnuPG 2 specific stuff
+@ifclear gpgone
+@macro gpgvname
+gpgv2
+@end macro
+@manpage gpgv2.1
+@node gpgv
+@section Verify OpenPGP signatures
+@ifset manverb
+.B gpgv2
+\- Verify OpenPGP signatures
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgv2
+.RI [ options ]
+.I signed_files
+@end ifset
+@end ifclear
+@c End GnuPG 2 specific stuff
+
+
+
+@mansect description
+@code{@gpgvname} is an OpenPGP signature verification tool.
+
+This program is actually a stripped-down version of @code{gpg} which is
+only able to check signatures. It is somewhat smaller than the fully-blown
+@code{gpg} and uses a different (and simpler) way to check that
+the public keys used to make the signature are valid. There are
+no configuration files and only a few options are implemented.
+
+@code{@gpgvname} assumes that all keys in the keyring are trustworthy.
+By default it uses a keyring named @file{trustedkeys.gpg} which is
+assumed to be in the home directory as defined by GnuPG or set by an
+option or an environment variable. An option may be used to specify
+another keyring or even multiple keyrings.
+
+@noindent
+@mansect options
+@code{@gpgvname} recognizes these options:
+
+@table @gnupgtabopt
+
+@item --verbose
+@itemx -v
+@opindex verbose
+Gives more information during processing. If used
+twice, the input data is listed in detail.
+
+@item --quiet
+@itemx -q
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --keyring @var{file}
+@opindex keyring
+Add @var{file} to the list of keyrings.
+If @var{file} begins with a tilde and a slash, these
+are replaced by the HOME directory. If the filename
+does not contain a slash, it is assumed to be in the
+home-directory ("~/.gnupg" if --homedir is not used).
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}. See the
+file DETAILS in the documentation for a listing of them.
+
+@item --logger-fd @code{n}
+@opindex logger-fd
+Write log output to file descriptor @code{n} and not to stderr.
+
+@item --ignore-time-conflict
+@opindex ignore-time-conflict
+GnuPG normally checks that the timestamps associated with keys and
+signatures have plausible values. However, sometimes a signature seems to
+be older than the key due to clock problems. This option turns these
+checks into warnings.
+
+@include opt-homedir.texi
+
+@end table
+
+@mansect return value
+
+The program returns 0 if everything is fine, 1 if at least
+one signature was bad, and other error codes for fatal errors.
+
+@mansect examples
+@subsection Examples
+
+@table @asis
+
+@item @gpgvname @code{pgpfile}
+@itemx @gpgvname @code{sigfile} [@code{datafile}]
+Verify the signature of the file. The second form is used for detached
+signatures, where @code{sigfile} is the detached signature (either
+ASCII-armored or binary) and @code{datafile} contains the signed data;
+if @code{datafile} is "-" the signed data is expected on
+@code{stdin}; if @code{datafile} is not given the name of the file
+holding the signed data is constructed by cutting off the extension
+(".asc", ".sig" or ".sign") from @code{sigfile}.
+
+@end table
+
+@mansect environment
+@subsection Environment
+
+@table @asis
+
+@item HOME
+Used to locate the default home directory.
+
+@item GNUPGHOME
+If set directory used instead of "~/.gnupg".
+
+@end table
+
+@mansect files
+@subsection FILES
+
+@table @asis
+
+@item ~/.gnupg/trustedkeys.gpg
+The default keyring with the allowed keys.
+
+@end table
+
+@mansect see also
+@command{gpg2}(1)
+@include see-also-note.texi
+
diff --git a/doc/gpl.texi b/doc/gpl.texi
new file mode 100644
index 0000000..7f9a48a
--- /dev/null
+++ b/doc/gpl.texi
@@ -0,0 +1,725 @@
+@node Copying
+
+@unnumbered GNU General Public License
+@center Version 3, 29 June 2007
+
+@c This file is intended to be included in another file.
+
+@display
+Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{http://fsf.org/}
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+@end display
+
+@unnumberedsec Preamble
+
+The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom
+to share and change all versions of a program--to make sure it remains
+free software for all its users. We, the Free Software Foundation,
+use the GNU General Public License for most of our software; it
+applies also to any other work released this way by its authors. You
+can apply it to your programs, too.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you
+have certain responsibilities if you distribute copies of the
+software, or if you modify it: responsibilities to respect the freedom
+of others.
+
+For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too,
+receive or can get the source code. And you must show them these
+terms so they know their rights.
+
+Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the
+manufacturer can do so. This is fundamentally incompatible with the
+aim of protecting users' freedom to change the software. The
+systematic pattern of such abuse occurs in the area of products for
+individuals to use, which is precisely where it is most unacceptable.
+Therefore, we have designed this version of the GPL to prohibit the
+practice for those products. If such problems arise substantially in
+other domains, we stand ready to extend this provision to those
+domains in future versions of the GPL, as needed to protect the
+freedom of users.
+
+Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish
+to avoid the special danger that patents applied to a free program
+could make it effectively proprietary. To prevent this, the GPL
+assures that patents cannot be used to render the program non-free.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+@iftex
+@unnumberedsec TERMS AND CONDITIONS
+@end iftex
+@ifinfo
+@center TERMS AND CONDITIONS
+@end ifinfo
+
+@enumerate 0
+@item Definitions.
+
+``This License'' refers to version 3 of the GNU General Public License.
+
+``Copyright'' also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+``The Program'' refers to any copyrightable work licensed under this
+License. Each licensee is addressed as ``you''. ``Licensees'' and
+``recipients'' may be individuals or organizations.
+
+To ``modify'' a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy. The resulting work is called a ``modified version'' of
+the earlier work or a work ``based on'' the earlier work.
+
+A ``covered work'' means either the unmodified Program or a work based
+on the Program.
+
+To ``propagate'' a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To ``convey'' a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays ``Appropriate Legal Notices'' to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+@item Source Code.
+
+The ``source code'' for a work means the preferred form of the work for
+making modifications to it. ``Object code'' means any non-source form
+of a work.
+
+A ``Standard Interface'' means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The ``System Libraries'' of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+``Major Component'', in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The ``Corresponding Source'' for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+@item Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright. Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+@item Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+@item Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+@item Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+@enumerate a
+@item
+The work must carry prominent notices stating that you modified it,
+and giving a relevant date.
+
+@item
+The work must carry prominent notices stating that it is released
+under this License and any conditions added under section 7. This
+requirement modifies the requirement in section 4 to ``keep intact all
+notices''.
+
+@item
+You must license the entire work, as a whole, under this License to
+anyone who comes into possession of a copy. This License will
+therefore apply, along with any applicable section 7 additional terms,
+to the whole of the work, and all its parts, regardless of how they
+are packaged. This License gives no permission to license the work in
+any other way, but it does not invalidate such permission if you have
+separately received it.
+
+@item
+If the work has interactive user interfaces, each must display
+Appropriate Legal Notices; however, if the Program has interactive
+interfaces that do not display Appropriate Legal Notices, your work
+need not make them do so.
+@end enumerate
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+``aggregate'' if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+@item Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+@enumerate a
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by the
+Corresponding Source fixed on a durable physical medium customarily
+used for software interchange.
+
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by a written
+offer, valid for at least three years and valid for as long as you
+offer spare parts or customer support for that product model, to give
+anyone who possesses the object code either (1) a copy of the
+Corresponding Source for all the software in the product that is
+covered by this License, on a durable physical medium customarily used
+for software interchange, for a price no more than your reasonable
+cost of physically performing this conveying of source, or (2) access
+to copy the Corresponding Source from a network server at no charge.
+
+@item
+Convey individual copies of the object code with a copy of the written
+offer to provide the Corresponding Source. This alternative is
+allowed only occasionally and noncommercially, and only if you
+received the object code with such an offer, in accord with subsection
+6b.
+
+@item
+Convey the object code by offering access from a designated place
+(gratis or for a charge), and offer equivalent access to the
+Corresponding Source in the same way through the same place at no
+further charge. You need not require recipients to copy the
+Corresponding Source along with the object code. If the place to copy
+the object code is a network server, the Corresponding Source may be
+on a different server (operated by you or a third party) that supports
+equivalent copying facilities, provided you maintain clear directions
+next to the object code saying where to find the Corresponding Source.
+Regardless of what server hosts the Corresponding Source, you remain
+obligated to ensure that it is available for as long as needed to
+satisfy these requirements.
+
+@item
+Convey the object code using peer-to-peer transmission, provided you
+inform other peers where the object code and Corresponding Source of
+the work are being offered to the general public at no charge under
+subsection 6d.
+
+@end enumerate
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A ``User Product'' is either (1) a ``consumer product'', which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling. In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage. For a particular product received by a particular user,
+``normally used'' refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product. A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+``Installation Information'' for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source. The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed. Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+@item Additional Terms.
+
+``Additional permissions'' are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+@enumerate a
+@item
+Disclaiming warranty or limiting liability differently from the terms
+of sections 15 and 16 of this License; or
+
+@item
+Requiring preservation of specified reasonable legal notices or author
+attributions in that material or in the Appropriate Legal Notices
+displayed by works containing it; or
+
+@item
+Prohibiting misrepresentation of the origin of that material, or
+requiring that modified versions of such material be marked in
+reasonable ways as different from the original version; or
+
+@item
+Limiting the use for publicity purposes of names of licensors or
+authors of the material; or
+
+@item
+Declining to grant rights under trademark law for use of some trade
+names, trademarks, or service marks; or
+
+@item
+Requiring indemnification of licensors and authors of that material by
+anyone who conveys the material (or modified versions of it) with
+contractual assumptions of liability to the recipient, for any
+liability that these contractual assumptions directly impose on those
+licensors and authors.
+@end enumerate
+
+All other non-permissive additional terms are considered ``further
+restrictions'' within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+@item Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+@item Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+@item Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+An ``entity transaction'' is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+@item Patents.
+
+A ``contributor'' is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's ``contributor version''.
+
+A contributor's ``essential patent claims'' are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, ``control'' includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a ``patent license'' is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To ``grant'' such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. ``Knowingly relying'' means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is ``discriminatory'' if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License. You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+@item No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey
+a covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all. For example, if you agree
+to terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+@item Use with the GNU Affero General Public License.
+
+Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+@item Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies that a certain numbered version of the GNU General Public
+License ``or any later version'' applies to it, you have the option of
+following the terms and conditions either of that numbered version or
+of any later version published by the Free Software Foundation. If
+the Program does not specify a version number of the GNU General
+Public License, you may choose any version ever published by the Free
+Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU General Public License can be used, that proxy's public
+statement of acceptance of a version permanently authorizes you to
+choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+@item Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+@item Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+@item Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+@iftex
+@heading END OF TERMS AND CONDITIONS
+@end iftex
+@ifinfo
+@center END OF TERMS AND CONDITIONS
+@end ifinfo
+@unnumberedsec How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the ``copyright'' line and a pointer to where the full notice is found.
+@smallexample
+@var{one line to give the program's name and a brief idea of what it does.}
+Copyright (C) @var{year} @var{name of author}
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or (at
+your option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see @url{http://www.gnu.org/licenses/}.
+@end smallexample
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+@smallexample
+@var{program} Copyright (C) @var{year} @var{name of author}
+This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}.
+This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details.
+@end smallexample
+
+The hypothetical commands @samp{show w} and @samp{show c} should show
+the appropriate parts of the General Public License. Of course, your
+program's commands might be different; for a GUI interface, you would
+use an ``about box''.
+
+You should also get your employer (if you work as a programmer) or school,
+if any, to sign a ``copyright disclaimer'' for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+@url{http://www.gnu.org/licenses/}.
+
+The GNU General Public License does not permit incorporating your
+program into proprietary programs. If your program is a subroutine
+library, you may consider it more useful to permit linking proprietary
+applications with the library. If this is what you want to do, use
+the GNU Lesser General Public License instead of this License. But
+first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}.
+
+@end enumerate
diff --git a/doc/help.be.txt b/doc/help.be.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.be.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ca.txt b/doc/help.ca.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.ca.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.cs.txt b/doc/help.cs.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.cs.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.da.txt b/doc/help.da.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.da.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.de.txt b/doc/help.de.txt
new file mode 100644
index 0000000..ea2a4e4
--- /dev/null
+++ b/doc/help.de.txt
@@ -0,0 +1,279 @@
+# help.de.txt - German GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+# Die Datei help.txt beschreibt das verwendete Format.
+# Diese Datei muß UTF-8 kodiert sein.
+
+
+.#pinentry.qualitybar.tooltip
+# Dies ist lediglich eine kommentiertes Beispiel. Es ist am sinnvolssten
+# einen individuellen Text in /etc/gnupg/help.de.txt zu erstellen.
+Die Qualität der Passphrase, die Sie oben eingegeben haben. Bitte
+fragen sie Ihren Systembeauftragten nach den Kriterien für die Messung
+der Qualität.
+.
+
+
+
+
+.gpg.edit_ownertrust.value
+Sie müssen selbst entscheiden, welchen Wert Sie hier eintragen; dieser Wert
+wird niemals an eine dritte Seite weitergegeben. Wir brauchen diesen Wert,
+um das "Netz des Vertrauens" aufzubauen. Dieses hat nichts mit dem
+(implizit erzeugten) "Netz der Zertifikate" zu tun.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Um das Web-of-Trust aufzubauen muß GnuPG wissen, welchen Schlüsseln
+uneingeschränkt vertraut wird. Das sind üblicherweise die Schlüssel
+auf deren geheimen Schlüssel Sie Zugruff haben.
+Antworten Sie mit "yes" um diesen Schlüssel uneingeschränkt zu vertrauen
+
+.
+
+.gpg.untrusted_key.override
+Wenn Sie diesen nicht vertrauenswürdigen Schlüssel trotzdem benutzen wollen,
+so antworten Sie mit "ja".
+.
+
+.gpg.pklist.user_id.enter
+Geben Sie die User-ID dessen ein, dem Sie die Botschaft senden wollen.
+.
+
+.gpg.keygen.algo
+Wählen Sie das zu verwendene Verfahren.
+
+DSA (alias DSS) ist der "Digital Signature Algorithm" und kann nur für
+Unterschriften genutzt werden.
+
+Elgamal ist ein Verfahren nur für Verschlüsselung.
+
+RSA kann sowohl für Unterschriften als auch für Verschlüsselung genutzt
+werden.
+
+Der erste Schlüssel (Hauptschlüssel) muß immer ein Schlüssel sein, mit dem
+unterschrieben werden kann.
+.
+
+.gpg.keygen.algo.rsa_se
+Normalerweise ist es nicht gut, denselben Schlüssel zum unterschreiben
+und verschlüsseln zu nutzen. Dieses Verfahren sollte in speziellen
+Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von
+einem Sicherheistexperten beraten.
+.
+
+.gpg.keygen.size
+Wählen Sie die gewünschte Schlüssellänge
+.
+
+.gpg.keygen.size.huge.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.size.large.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.valid
+Geben Sie den benötigten Wert so an, wie er im Prompt erscheint.
+Es ist zwar möglich ein "ISO"-Datum (JJJJ-MM-DD) einzugeben, aber man
+erhält dann ggfs. keine brauchbaren Fehlermeldungen - stattdessen versucht
+der Rechner den Wert als Intervall (von-bis) zu deuten.
+.
+
+.gpg.keygen.valid.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.name
+Geben Sie den Namen des Schlüsselinhabers ein.
+Beispiel: Heinrich Heine.
+.
+
+.gpg.keygen.email
+Geben Sie eine Email-Adresse ein. Dies ist zwar nicht unbedingt notwendig,
+aber sehr empfehlenswert.
+Beispiel: heinrichh@duesseldorf.de
+.
+
+.gpg.keygen.comment
+Geben Sie - bei Bedarf - einen Kommentar ein.
+.
+
+.gpg.keygen.userid.cmd
+N um den Namen zu ändern.
+K um den Kommentar zu ändern.
+E um die Email-Adresse zu ändern.
+F um mit der Schlüsselerzeugung fortzusetzen.
+B um die Schlüsselerzeugung abbrechen.
+.
+
+.gpg.keygen.sub.okay
+Geben Sie "ja" (oder nur "j") ein, um den Unterschlüssel zu erzeugen.
+.
+
+.gpg.sign_uid.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.sign_uid.class
+Wenn Sie die User-ID eines Schlüssels beglaubigen wollen, sollten Sie zunächst
+sicherstellen, daß der Schlüssel demjenigen gehört, der in der User-ID genannt
+ist. Für Dritte ist es hilfreich zu wissen, wie gut diese Zuordnung überprüft
+wurde.
+
+"0" zeigt, daß Sie keine bestimmte Aussage über die Sorgfalt der
+ Schlüsselzuordnung machen.
+
+"1" Sie glauben, daß der Schlüssel der benannten Person gehört,
+ aber Sie konnten oder nahmen die Überpüfung überhaupt nicht vor.
+ Dies ist hilfreich für eine "persona"-Überprüfung, wobei man den
+ Schlüssel eines Pseudonym-Trägers beglaubigt
+
+"2" Sie nahmen eine flüchtige Überprüfung vor. Das heißt Sie haben z.B.
+ den Schlüsselfingerabdruck kontrolliert und die User-ID des Schlüssels
+ anhand des Fotos geprüft.
+
+"3" Sie haben eine ausführlich Kontrolle des Schlüssels vorgenommen.
+ Das kann z.B. die Kontrolle des Schlüsselfingerabdrucks mit dem
+ Schlüsselinhaber persönlich vorgenommen haben; daß Sie die User-ID des
+ Schlüssel anhand einer schwer zu fälschenden Urkunde mit Foto (wie z.B.
+ einem Paß) abgeglichen haben und schließlich per Email-Verkehr die
+ Email-Adresse als zum Schlüsselbesitzer gehörig erkannt haben.
+
+Beachten Sie, daß diese Beispiele für die Antworten 2 und 3 *nur* Beispiele
+sind. Schlußendlich ist es Ihre Sache, was Sie unter "flüchtig" oder
+ "ausführlich" verstehen, wenn Sie Schlüssel Dritter beglaubigen.
+
+Wenn Sie nicht wissen, wie Sie antworten sollen, wählen Sie "0".
+.
+
+.gpg.change_passwd.empty.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.save.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.cancel.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.sign_all.okay
+Geben Sie "ja" (oder nur "j") ein, um alle User-IDs zu beglaubigen
+.
+
+.gpg.keyedit.remove.uid.okay
+Geben Sie "ja" (oder nur "j") ein, um diese User-ID zu LÖSCHEN.
+Alle Zertifikate werden dann auch weg sein!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Geben Sie "ja" (oder nur "j") ein, um diesen Unterschlüssel zu löschen
+.
+
+.gpg.keyedit.delsig.valid
+Dies ist eine gültige Beglaubigung für den Schlüssel. Es ist normalerweise
+unnötig sie zu löschen. Sie ist möglicherweise sogar notwendig, um einen
+Trust-Weg zu diesem oder einem durch diesen Schlüssel beglaubigten Schlüssel
+herzustellen.
+.
+
+.gpg.keyedit.delsig.unknown
+Diese Beglaubigung kann nicht geprüft werden, da Sie den passenden Schlüssel
+nicht besitzen. Sie sollten die Löschung der Beglaubigung verschieben, bis
+sie wissen, welcher Schlüssel verwendet wurde. Denn vielleicht würde genau
+diese Beglaubigung den "Trust"-Weg komplettieren.
+.
+
+.gpg.keyedit.delsig.invalid
+Diese Beglaubigung ist ungültig. Es ist sinnvoll sie aus Ihrem
+Schlüsselbund zu entfernen.
+.
+
+.gpg.keyedit.delsig.selfsig
+Diese Beglaubigung bindet die User-ID an den Schlüssel. Normalerweise ist
+es nicht gut, solche Beglaubigungen zu entfernen. Um ehrlich zu sein:
+Es könnte dann sein, daß GnuPG diesen Schlüssel gar nicht mehr benutzen kann.
+Sie sollten diese Eigenbeglaubigung also nur dann entfernen, wenn sie aus
+irgendeinem Grund nicht gültig ist und eine zweite Beglaubigung verfügbar ist.
+.
+
+.gpg.keyedit.updpref.okay
+Ändern der Voreinstellung aller User-IDs (oder nur der ausgewählten)
+auf die aktuelle Liste der Voreinstellung. Die Zeitangaben aller betroffenen
+Eigenbeglaubigungen werden um eine Sekunde vorgestellt.
+
+.
+
+.gpg.passphrase.enter
+Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz
+
+.
+
+.gpg.passphrase.repeat
+Um sicher zu gehen, daß Sie sich bei der Eingabe der Passphrase nicht
+vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide Eingaben
+übereinstimmen, wird die Passphrase akzeptiert.
+.
+
+.gpg.detached_signature.filename
+Geben Sie den Namen der Datei an, zu dem die abgetrennte Unterschrift gehört
+.
+
+.gpg.openfile.overwrite.okay
+Geben Sie "ja" ein, wenn Sie die Datei überschreiben möchten
+.
+
+.gpg.openfile.askoutname
+Geben Sie bitte einen neuen Dateinamen ein. Falls Sie nur die
+Eingabetaste betätigen, wird der (in Klammern angezeigte) Standarddateiname
+verwendet.
+.
+
+.gpg.ask_revocation_reason.code
+Sie sollten einen Grund für die Zertifizierung angeben. Je nach
+Zusammenhang können Sie aus dieser Liste auswählen:
+ "Schlüssel wurde kompromitiert"
+ Falls Sie Grund zu der Annahme haben, daß nicht berechtigte Personen
+ Zugriff zu Ihrem geheimen Schlüssel hatten
+ "Schlüssel ist überholt"
+ Falls Sie diesen Schlüssel durch einem neuen ersetzt haben.
+ "Schlüssel wird nicht mehr benutzt"
+ Falls Sie diesen Schlüssel zurückgezogen haben.
+ "User-ID ist nicht mehr gültig"
+ Um bekanntzugeben, daß die User-ID nicht mehr benutzt werden soll.
+ So weist man normalerweise auf eine ungültige Emailadresse hin.
+
+.
+
+.gpg.ask_revocation_reason.text
+Wenn Sie möchten, können Sie hier einen Text eingeben, der darlegt, warum
+Sie diesen Widerruf herausgeben. Der Text sollte möglichst knapp sein.
+Eine Leerzeile beendet die Eingabe.
+
+.
+
+
+
+# Local variables:
+# mode: default-generic
+# coding: utf-8
+# End:
diff --git a/doc/help.el.txt b/doc/help.el.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.el.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.eo.txt b/doc/help.eo.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.eo.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.es.txt b/doc/help.es.txt
new file mode 100644
index 0000000..42e531b
--- /dev/null
+++ b/doc/help.es.txt
@@ -0,0 +1,251 @@
+# help.es.txt - es GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Está en su mano asignar un valor aquí. Dicho valor nunca será exportado a
+terceros. Es necesario para implementar la red de confianza, no tiene nada
+que ver con la red de certificados (implícitamente creada).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Para construir la Red-de-Confianza, GnuPG necesita saber qué claves
+tienen confianza absoluta - normalmente son las claves para las que usted
+puede acceder a la clave secreta. Conteste "sí" para hacer que esta
+clave se considere como de total confianza
+
+.
+
+.gpg.untrusted_key.override
+Si quiere usar esta clave no fiable de todos modos, conteste "sí".
+.
+
+.gpg.pklist.user_id.enter
+Introduzca el ID de usuario al que quiere enviar el mensaje.
+.
+
+.gpg.keygen.algo
+Seleccione el algoritmo que usar.
+
+DSA (alias DSS) es el Algoritmo de Firma Digital y sólo se usa para firmas.
+
+Elgamal es un algoritmo sólo para cifrar.
+
+RSA sirve tanto para firmar como para cifrar.
+
+La primera clave (clave primaria) debe ser siempre de tipo capaz de firmar.
+.
+
+.gpg.keygen.algo.rsa_se
+En general no es una buena idea usar la misma clave para firmar y
+cifrar. Este algoritmo debéria usarse solo en ciertos contextos.
+Por favor consulte primero a un experto en seguridad.
+.
+
+.gpg.keygen.size
+Introduzca la longitud de la clave
+.
+
+.gpg.keygen.size.huge.okay
+Responda "sí" o "no"
+.
+
+.gpg.keygen.size.large.okay
+Responda "sí" o "no"
+.
+
+.gpg.keygen.valid
+Introduzca el valor requerido conforme se muestra.
+Es posible introducir una fecha ISO (AAAA-MM-DD), pero no se obtendrá una
+buena respuesta a los errores; el sistema intentará interpretar el valor
+introducido como un intervalo.
+.
+
+.gpg.keygen.valid.okay
+Responda "sí" o "no"
+.
+
+.gpg.keygen.name
+Introduzca el nombre del dueño de la clave
+.
+
+.gpg.keygen.email
+Introduzca una dirección de correo electrónico (opcional pero muy
+recomendable)
+.
+
+.gpg.keygen.comment
+Introduzca un comentario opcional
+.
+
+.gpg.keygen.userid.cmd
+N para cambiar el nombre.
+C para cambiar el comentario.
+E para cambiar la dirección.
+O para continuar con la generación de clave.
+S para interrumpir la generación de clave.
+.
+
+.gpg.keygen.sub.okay
+Responda "sí" (o sólo "s") para generar la subclave.
+.
+
+.gpg.sign_uid.okay
+Responda "sí" o "no"
+.
+
+.gpg.sign_uid.class
+Cuando firme un ID de usuario en una clave, debería verificar que la clave
+pertenece a la persona que se nombra en el ID de usuario. Es útil para
+otros saber cómo de cuidadosamente lo ha verificado.
+
+"0" significa que no hace ninguna declaración concreta sobre como ha
+ comprobado la validez de la clave.
+
+"1" significa que cree que la clave pertenece a la persona que declara
+ poseerla pero no pudo o no verificó la clave en absoluto. Esto es útil
+ para una verificación en persona cuando firmas la clave de un usuario
+ pseudoanónimo.
+
+"2" significa que hizo una comprobación informal de la clave. Por ejemplo
+ podría querer decir que comprobó la huella dactilar de la clave y
+ comprobó el ID de usuario en la clave con un ID fotográfico.
+
+"3" significa que hizo una comprobación exhaustiva de la clave. Por
+ ejemplo verificando la huella dactilar de la clave con el propietario
+ de la clave, y que comprobó, mediante un documento difícil de falsificar
+ con ID fotográfico (como un pasaporte) que el nombre del poseedor de la
+ clave coincide con el ID de usuario en la clave y finalmente que verificó
+ (intercambiando email) que la dirección de email de la clave pertenece
+ al poseedor de la clave.
+
+Observe que los ejemplos dados en los niveles 2 y 3 son *solo* ejemplos.
+En definitiva, usted decide lo que significa "informal" y "exhaustivo"
+para usted cuando firma las claves de otros.
+
+Si no sabe qué contestar, conteste "0".
+.
+
+.gpg.change_passwd.empty.okay
+Responda "sí" o "no"
+.
+
+.gpg.keyedit.save.okay
+Responda "sí" o "no"
+.
+
+.gpg.keyedit.cancel.okay
+Responda "sí" o "no"
+.
+
+.gpg.keyedit.sign_all.okay
+Responda "sí" si quiere firmar TODOS los IDs de usuario
+.
+
+.gpg.keyedit.remove.uid.okay
+Responda "sí" si realmente quiere borrar este ID de usuario.
+¡También se perderán todos los certificados!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Responda "sí" si quiere borrar esta subclave
+.
+
+.gpg.keyedit.delsig.valid
+Esta es una firma válida de esta clave. Normalmente no será deseable
+borrar esta firma ya que puede ser importante para establecer una conexión
+de confianza con la clave o con otra clave certificada por ésta.
+.
+
+.gpg.keyedit.delsig.unknown
+Esta firma no puede ser comprobada porque no tiene Vd. la clave
+correspondiente. Debería posponer su borrado hasta conocer qué clave
+se usó, ya que dicha clave podría establecer una conexión de confianza
+a través de otra clave certificada.
+.
+
+.gpg.keyedit.delsig.invalid
+Esta firma no es válida. Tiene sentido borrarla de su anillo.
+.
+
+.gpg.keyedit.delsig.selfsig
+Esta es una firma que une el ID de usuario a la clave. No suele ser una
+buena idea borrar dichas firmas. De hecho, GnuPG podría no ser capaz de
+volver a usar esta clave. Así que bórrela tan sólo si esta autofirma no
+es válida por alguna razón y hay otra disponible.
+.
+
+.gpg.keyedit.updpref.okay
+Cambiar las preferencias de todos los IDs de usuario (o sólo los
+seleccionados) a la lista actual de preferencias. El sello de tiempo
+de todas las autofirmas afectadas se avanzará en un segundo.
+
+.
+
+.gpg.passphrase.enter
+Por favor introduzca la contraseña: una frase secreta
+
+.
+
+.gpg.passphrase.repeat
+Repita la última frase contraseña para asegurarse de lo que tecleó.
+.
+
+.gpg.detached_signature.filename
+Introduzca el nombre del fichero al que corresponde la firma
+.
+
+.gpg.openfile.overwrite.okay
+Responda "sí" para sobreescribir el fichero
+.
+
+.gpg.openfile.askoutname
+Introduzca un nuevo nombre de fichero. Si pulsa INTRO se usará el fichero
+por omisión (mostrado entre corchetes).
+.
+
+.gpg.ask_revocation_reason.code
+Debería especificar un motivo para la certificación. Dependiendo del
+contexto puede elegir una opción de esta lista:
+ "La clave ha sido comprometida"
+ Use esto si tiene razones para pensar que personas no autorizadas
+ tuvieron acceso a su clave secreta.
+ "La clave ha sido sustituida"
+ Use esto si ha reemplazado la clave por otra más nueva.
+ "La clave ya no está en uso"
+ Use esto si ha dejado de usar esta clave.
+ "La identificación de usuario ya no es válida"
+ Use esto para señalar que la identificación de usuario no debería
+ seguir siendo usada; esto se utiliza normalmente para marcar una
+ dirección de correo-e como inválida.
+
+.
+
+.gpg.ask_revocation_reason.text
+Si lo desea puede introducir un texto explicando por qué emite
+este certificado de revocación. Por favor, que el texto sea breve.
+Una línea vacía pone fin al texto.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.et.txt b/doc/help.et.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.et.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.fi.txt b/doc/help.fi.txt
new file mode 100644
index 0000000..9f92246
--- /dev/null
+++ b/doc/help.fi.txt
@@ -0,0 +1,256 @@
+# help.fi.txt - fi GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Tämän arvon määrittäminen on sinun tehtäväsi, tätä arvoa ei koskaan
+kerrota kolmansille osapuolille. Tarvitsemme sitä toteuttamaan
+luottamusverkko eikä sillä ei ole mitään tekemistä (epäsuorasti luotujen)
+varmenneverkkojen kanssa.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Rakentaakseen luottamusverkon, GnuPG:n täytyy tietää mihin avaimiin
+luotetaan ehdottomasti - nämä ovat tavallisesti ne avaimet, joiden salainen
+pari on sinulla. Vastaa "kyllä" luottaaksesi tähän avaimeen ehdoitta
+
+.
+
+.gpg.untrusted_key.override
+Vastaa "kyllä" jos haluat kaikesta huolimatta käyttää tätä epäluotettavaa
+avainta.
+.
+
+.gpg.pklist.user_id.enter
+Syötä vastaanottajan, jolle haluat lähettää viestin, käyttäjätunnus.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Yleensä ei ole järkevää käyttää samaa avainta allekirjoitukseen
+ja salaamiseen. Tätä algorimiä tulisi käyttää vain määrätyissä ympäristöissä.
+Ole hyvä ja kysy tietoturva-asiantuntijaltasi ensin
+.
+
+.gpg.keygen.size
+Syötä avaimen koko
+.
+
+.gpg.keygen.size.huge.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keygen.size.large.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keygen.valid
+Syötä pyydetty arvo kuten näkyy kehotteessa.
+On mahdollista syöttää ISO-muotoinen päivä (VVVV-KK-PP),
+mutta sen seurauksena et saa kunnollista virheilmoitusta
+vaan järjestelmä yrittää tulkita arvon aikajaksona.
+.
+
+.gpg.keygen.valid.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keygen.name
+Anna avaimen haltijan nimi
+.
+
+.gpg.keygen.email
+anna vapaaehtoinen, mutta erittäin suositeltava sähköpostiosoite
+.
+
+.gpg.keygen.comment
+Kirjoita vapaaehtoinen huomautus
+.
+
+.gpg.keygen.userid.cmd
+N muuta nimeä
+C muuta kommenttia
+E muuta sähköpostiosoitetta
+O jatka avaimen luomista
+L lopeta
+.
+
+.gpg.keygen.sub.okay
+Vastaa "kyllä" (tai vain "k") jos haluat luoda aliavaimen.
+.
+
+.gpg.sign_uid.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.sign_uid.class
+Allekirjoittaessasi avaimen käyttäjätunnuksen sinun tulisi varmista, että
+avain todella kuuluu henkilölle, joka mainitaan käyttäjätunnuksessa. Muiden
+on hyvä tietää kuinka huolellisesti olet varmistanut tämän.
+
+"0" tarkoittaa, että et väitä mitään siitä, kuinka huolellisesti olet
+ varmistanut avaimen.
+
+"1" tarkoittaa, että uskot avaimen kuuluvan henkilölle, joka väittää
+ hallitsevan sitä, mutta et voinut varmistaa tai et varmistanut avainta
+ lainkaan. Tämä on hyödyllinen "persoonan" varmistamiseen, jossa
+ allekirjoitat pseudonyymin käyttäjän avaimen.
+
+"2" tarkoittaa arkista varmistusta. Esimerkiksi olet varmistanut
+ avaimen sormenjäljen ja tarkistanut käyttäjätunnuksen ja
+ valokuvatunnisteen täsmäävän.
+
+"3" tarkoittaa syvällistä henkilöllisyyden varmistamista. Esimerkiksi
+ tämä voi tarkoittaa avaimen sormenjäljen tarkistamista avaimen haltijan
+ kanssa henkilökohtaisesti, ja että tarkistit nimen avaimessa täsmäävän
+ vaikeasti väärennettävän kuvallisen henkilöllisyystodistuksen (kuten
+ passi) kanssa, ja lopuksi varmistit (sähköpostin vaihtamisella), että
+ sähköpostiosoite kuuluu avaimen haltijalle.
+
+Huomaa, että yllä annetut esimerkit tasoille 2 ja 3 ovat todellakin *vain*
+esimerkkejä. Lopullisesti se on sinun päätöksesi mitä "arkinen" ja
+"syvällinen" tarkoittaa allekirjoittaessasi muita avaimia.
+
+Jos et tiedä mikä olisi sopiva vastaus, vastaa "0".
+.
+
+.gpg.change_passwd.empty.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keyedit.save.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keyedit.cancel.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Vastaa "kyllä", jos haluat poistaa tämän käyttäjätunnuksen.
+Menetät samalla kaikki siihen liittyvät varmenteet!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Vastaa "kyllä", jos aliavaimen voi poistaa
+.
+
+.gpg.keyedit.delsig.valid
+Tämä on voimassa oleva allekirjoitus tälle avaimelle, tavallisesti ei
+kannata poistaa tätä allekirjoitusta koska se saattaa olla tarpeen
+luottamussuhteen luomiseksi avaimeen tai johonkin toiseen tämän avaimen
+varmentamaan avaimeen.
+.
+
+.gpg.keyedit.delsig.unknown
+Allekirjoitusta ei voida tarkistaa koska sinulla ei ole
+siihen liittyvää avainta. Lykkää sen poistamista kunnes
+ tiedät mitä avainta on käytetty, koska allekirjoitus
+avain saattaa luoda luottamusketjun toisen, jo ennalta
+varmennetun avaimen kautta.
+.
+
+.gpg.keyedit.delsig.invalid
+Allekirjoitus ei ole pätevä. Järkevintä olisi poistaa se
+avainrenkaastasi.
+.
+
+.gpg.keyedit.delsig.selfsig
+Tämä allekirjoitus takaa avaimen haltijan henkilöllisyyden.
+Tällaisen allekirjoituksen poistaminen on tavallisesti huono
+ajatus. GnuPG ei kenties voi käyttää avainta enää. Poista
+allekirjoitus vain, jos se ei ole jostain syystä pätevä, ja
+avaimella on jo toinen allekirjoitus.
+.
+
+.gpg.keyedit.updpref.okay
+Muuta valinnat kaikille käyttäjätunnuksille (tai vain valituille)
+nykyiseen luetteloon valinnoista. Kaikkien muutettujen
+oma-allekirjoitusten aikaleima siirretään yhdellä sekunnilla eteenpäin.
+
+.
+
+.gpg.passphrase.enter
+Ole hyvä ja syötä salasana, tämän on salainen lause
+
+.
+
+.gpg.passphrase.repeat
+Toista edellinen salasanasi varmistuaksesi siitä, mitä kirjoitit.
+.
+
+.gpg.detached_signature.filename
+Anna allekirjoitetun tiedoston nimi
+.
+
+.gpg.openfile.overwrite.okay
+Vastaa "kyllä", jos tiedoston voi ylikirjoittaa
+.
+
+.gpg.openfile.askoutname
+Syötä uusi tiedostonimi. Jos painat vain RETURN, käytetään
+oletustiedostoa (joka näkyy sulkeissa).
+.
+
+.gpg.ask_revocation_reason.code
+Sinun tulisi määrittää syy varmenteelle. Riippuen asiayhteydestä
+voit valita tästä listasta:
+ "Avain on paljastunut"
+ Käytä tätä, jos sinulla on syytä uskoa, että luvattomat henkilöt
+ ovat saaneet salaisen avaimesi käsiinsä.
+ "Avain on korvattu"
+ Käytä tätä, jos olet korvannut tämän uudemmalla avaimella.
+ "Avain ei ole enää käytössä"
+ Käytä tätä, jost ole lopettanut tämän avaimen käytön.
+ "Käyttäjätunnus ei ole enää voimassa"
+ Käytä tätä ilmoittamaan, että käyttäjätunnusta ei pitäisi käyttää;
+ tätä normaalisti käytetään merkitsemään sähköpostiosoite vanhenneeksi.
+
+.
+
+.gpg.ask_revocation_reason.text
+Halutessasi voit kirjoittaa tähän kuvauksen miksi julkaiset tämän
+mitätöintivarmenteen. Kirjoita lyhyesti.
+Tyhjä rivi päättää tekstin.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.fr.txt b/doc/help.fr.txt
new file mode 100644
index 0000000..c18fea0
--- /dev/null
+++ b/doc/help.fr.txt
@@ -0,0 +1,256 @@
+# help.fr.txt - fr GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais
+envoyée à une tierce personne. Nous en avons besoin pour créer le réseau
+de confiance (web-of-trust); cela n'a rien à voir avec le réseau des
+certificats (créé implicitement)
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Pour mettre en place le Réseau de confiance (Web of Trust), GnuPG a
+besoin de savoir en quelles clés votre confiance est ultime - ce sont
+en général les clés dont vous avez accès à la clé secrète. Répondez
+"oui" pour indiquer que votre confiance en cette clé est ultime
+
+.
+
+.gpg.untrusted_key.override
+Si vous voulez utiliser cette clé peu sûre quand-même, répondez «oui».
+.
+
+.gpg.pklist.user_id.enter
+Entrez le nom d'utilisateur de la personne à qui vous voulez envoyer
+le message.
+.
+
+.gpg.keygen.algo
+Sélectionnez l'algorithme à utiliser.
+
+DSA (connu également sous le nom de DSS) est un algorithme de signature
+digitale et ne peut être utilisé que pour des signatures.
+
+Elgamal est un algorithme pour le chiffrement seul.
+
+RSA peut être utilisé pour les signatures et le chiffrement.
+
+La première clé (clé principale) doit toujours être une clé capable
+de signer.
+.
+
+.gpg.keygen.algo.rsa_se
+En général ce n'est pas une bonne idée d'utiliser la même clé pour
+signer et pour chiffrer. Cet algorithme ne doit être utilisé que
+pour certains domaines.
+Consultez votre expert en sécurité d'abord.
+.
+
+.gpg.keygen.size
+Entrez la taille de la clé
+.
+
+.gpg.keygen.size.huge.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keygen.size.large.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keygen.valid
+Entrez la valeur demandée comme indiqué dans la ligne de commande.
+On peut entrer une date ISO (AAAA-MM-JJ) mais le résultat d'erreur sera
+mauvais - le système essaierait d'interpréter la valeur donnée comme un
+intervalle.
+.
+
+.gpg.keygen.valid.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keygen.name
+Entrez le nom du propriétaire de la clé
+.
+
+.gpg.keygen.email
+entrez une adresse e-mail optionnelle mais hautement recommandée
+.
+
+.gpg.keygen.comment
+Entrez un commentaire optionnel
+.
+
+.gpg.keygen.userid.cmd
+N pour changer le nom.
+C pour changer le commentaire.
+E pour changer l'adresse e-mail.
+O pour continuer à générer la clé.
+Q pour arrêter de générer de clé.
+.
+
+.gpg.keygen.sub.okay
+Répondez «oui» (ou simplement «o») pour générer la sous-clé
+.
+
+.gpg.sign_uid.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.sign_uid.class
+Quand vous signez un nom d'utilisateur d'une clé, vous devriez d'abord
+vérifier que la clé appartient à la personne nommée. Il est utile que
+les autres personnes sachent avec quel soin vous l'avez vérifié.
+
+"0" signifie que vous n'avez pas d'opinon.
+
+"1" signifie que vous croyez que la clé appartient à la personne qui
+dit la posséder mais vous n'avez pas pu vérifier du tout la clé.
+C'est utile lorsque vous signez la clé d'un pseudonyme.
+
+"2" signifie que vous avez un peu vérifié la clé. Par exemple, cela
+pourrait être un vérification de l'empreinte et du nom de
+l'utilisateur avec la photo.
+
+"3" signifie que vous avez complètement vérifié la clé. Par exemple,
+cela pourrait être une vérification de l'empreinte, du nom de
+l'utilisateur avec un document difficile à contrefaire (comme un
+passeport) et de son adresse e-mail (vérifié par un échange de
+courrier électronique).
+
+Notez bien que les exemples donnés ci-dessus pour les niveaux 2 et
+3 ne sont *que* des exemples.
+C'est à vous de décider quelle valeur mettre quand vous signez
+les clés des autres personnes.
+
+Si vous ne savez pas quelle réponse est la bonne, répondez "0".
+.
+
+.gpg.change_passwd.empty.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keyedit.save.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keyedit.cancel.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keyedit.sign_all.okay
+Répondez «oui» si vous voulez signer TOUS les noms d'utilisateurs
+.
+
+.gpg.keyedit.remove.uid.okay
+Répondez «oui» si vous voulez vraiment supprimer ce nom
+d'utilisateur. Tous les certificats seront alors perdus en même temps !
+.
+
+.gpg.keyedit.remove.subkey.okay
+Répondez «oui» s'il faut vraiment supprimer la sous-clé
+.
+
+.gpg.keyedit.delsig.valid
+C'est une signature valide dans la clé; vous n'avez pas normalement
+intérêt à supprimer cette signature car elle peut être importante pour
+établir une connection de confiance vers la clé ou une autre clé certifiée
+par celle-là.
+.
+
+.gpg.keyedit.delsig.unknown
+Cette signature ne peut pas être vérifiée parce que vous n'avez pas la
+clé correspondante. Vous devriez remettre sa supression jusqu'à ce que
+vous soyez sûr de quelle clé a été utilisée car cette clé de signature
+peut établir une connection de confiance vers une autre clé déjà certifiée.
+.
+
+.gpg.keyedit.delsig.invalid
+Cette signature n'est pas valide. Vous devriez la supprimer de votre
+porte-clés.
+.
+
+.gpg.keyedit.delsig.selfsig
+Cette signature relie le nom d'utilisateur à la clé. Habituellement
+enlever une telle signature n'est pas une bonne idée. En fait GnuPG peut
+ne plus être capable d'utiliser cette clé. Donc faites ceci uniquement si
+cette auto-signature est invalide pour une certaine raison et si une autre
+est disponible.
+.
+
+.gpg.keyedit.updpref.okay
+Changer les préférences de tous les noms d'utilisateurs (ou juste
+ceux qui sont sélectionnés) vers la liste actuelle. La date de toutes
+les auto-signatures affectées seront avancées d'une seconde.
+
+.
+
+.gpg.passphrase.enter
+Entrez le mot de passe ; c'est une phrase secrète
+
+.
+
+.gpg.passphrase.repeat
+Répétez la dernière phrase de passe pour être sûr de ce que vous
+avez tapé.
+.
+
+.gpg.detached_signature.filename
+Donnez le nom du fichier auquel la signature se rapporte
+.
+
+.gpg.openfile.overwrite.okay
+Répondez «oui» s'il faut vraiment réécrire le fichier
+.
+
+.gpg.openfile.askoutname
+Entrez le nouveau nom de fichier. Si vous tapez simplement ENTRÉE le
+fichier par défaut (indiqué entre crochets) sera utilisé.
+.
+
+.gpg.ask_revocation_reason.code
+Vous devriez donner une raison pour la certification. Selon le contexte
+vous pouvez choisir dans cette liste:
+ «La clé a été compromise»
+ Utilisez cette option si vous avez une raison de croire que des
+ personnes ont pu accéder à votre clé secrète sans autorisation.
+ «La clé a été remplacée»
+ Utilisez cette option si vous avez remplacé la clé par une nouvelle.
+ «La clé n'est plus utilisée»
+ Utilisez cette option si cette clé n'a plus d'utilité.
+ «Le nom d'utilisateur n'est plus valide»
+ Utilisez cette option si le nom d'utilisateur ne doit plus être
+ utilisé. Cela sert généralement à indiquer qu'une adresse e-mail
+ est invalide.
+
+.
+
+.gpg.ask_revocation_reason.text
+Si vous le désirez, vous pouvez entrer un texte qui explique pourquoi vous
+avez émis ce certificat de révocation. Essayez de garder ce texte concis.
+Une ligne vide délimite la fin du texte.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.gl.txt b/doc/help.gl.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.gl.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.hu.txt b/doc/help.hu.txt
new file mode 100644
index 0000000..1440dae
--- /dev/null
+++ b/doc/help.hu.txt
@@ -0,0 +1,257 @@
+# help.hu.txt - hu GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Az Ön döntésén múlik, hogy milyen értéket ad meg itt. Ezt az értéket soha
+nem exportáljuk mások részére. Ez a bizalmak hálózatához (web-of-trust)
+szükséges, semmi köze az igazolások hálózatához (web-of-certificates).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Hogy a bizalmak hálózatát felépítsük, a GnuPG-nek tudnia kell, hogy
+mely kulcsok alapvetően megbízhatóak - általában ezek azok a kulcsok,
+melyek titkos kulcsához hozzáfér. Válaszoljon "igen"-nel, ha kulcsot
+alapvetően megbízhatónak jelöli!
+
+.
+
+.gpg.untrusted_key.override
+Ha mégis használni akarja ezt a kulcsot, melyben nem bízunk,
+válaszoljon "igen"-nel!
+.
+
+.gpg.pklist.user_id.enter
+Adja meg a címzett felhasználói azonosítóját!
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Ãltalában nem jó ötlet ugyanazt a kulcsot használni aláíráshoz és
+titkosításhoz. Ezt az algoritmust csak bizonyos területeken ajánlatos
+használni. Kérem, először konzultáljon a biztonsági szakértőjével!
+.
+
+.gpg.keygen.size
+Adja meg a kulcs méretét!
+.
+
+.gpg.keygen.size.huge.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keygen.size.large.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keygen.valid
+Adja meg a szükséges értéket, ahogy a prompt mutatja!
+Lehetséges ISO dátumot is beírni (ÉÉÉÉ-HH-NN), de nem fog rendes
+hibaüzenetet kapni, hanem a rendszer megpróbálja az értéket
+intervallumként értelmezni.
+.
+
+.gpg.keygen.valid.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keygen.name
+Adja meg a kulcs tulajdonosának a nevét!
+.
+
+.gpg.keygen.email
+Kérem, adjon meg egy opcionális, de nagyon ajánlott e-mail címet!
+.
+
+.gpg.keygen.comment
+Kérem, adjon meg egy opcionális megjegyzést!
+.
+
+.gpg.keygen.userid.cmd
+N név változtatása
+M megjegyzés változtatása
+E e-mail változtatása
+R kulcsgenerálás folytatása
+Q kilépés a kulcsgenerálásból
+.
+
+.gpg.keygen.sub.okay
+Válaszoljon "igen"-nel (vagy csak "i"-vel), ha kezdhetjük az alkulcs
+létrehozását!
+.
+
+.gpg.sign_uid.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.sign_uid.class
+Mielőtt aláír egy felhasználói azonosítót egy kulcson, ellenőriznie kell,
+hogy a kulcs a felhasználói azonosítóban megnevezett személyhez tartozik.
+Mások számára hasznos lehet, ha tudják, hogy milyen gondosan ellenőrizte
+Ön ezt.
+
+"0" azt jelenti, hogy nem tesz az ellenőrzés gondosságára vonatkozó
+ kijelentést.
+
+"1" azt jelenti, hogy Ön hiszi, hogy a kulcs annak a személynek a
+ tulajdona, aki azt állítja, hogy az övé, de Ön nem tudta ezt
+ ellenőrizni, vagy egyszerűen nem ellenőrizte ezt. Ez hasznos egy
+ "persona" típusú ellenőrzéshez, mikor Ön egy pszeudonim felhasználó
+ kulcsát írja alá.
+
+"2" azt jelenti, hogy Ön a kulcsot hétköznapi alapossággal ellenőrizte.
+ Például ez azt jelentheti, hogy ellenőrizte a kulcs ujjlenyomatát, és
+ összevetette a kulcson szereplő felhasználóazonosítót egy fényképes
+ igazolvánnyal.
+
+"3" azt jelenti, hogy alaposan ellenőrizte a kulcsot. Például ez azt
+ jelentheti, hogy a kulcs ujjlenyomatát a tulajdonossal személyesen
+ találkozva ellenőrizte, egy nehezen hamisítható, fényképes igazolvánnyal
+ (mint az útlevél) meggyőződött arról, hogy a személy neve egyezik a
+ kulcson levővel, és végül (e-mail váltással) ellenőrizte, hogy a kulcson
+ szereplő e-mail cím a kulcs tulajdonosához tartozik.
+
+A 2-es és 3-as szintekhez adott példák *csak* példák. Végső soron Ön dönti
+el, hogy mit jelentenek Önnek a "hétköznapi" és "alapos" kifejezések,
+amikor mások kulcsát aláírja.
+
+Ha nem tudja, hogy mit válaszoljon, írjon "0"-t!
+.
+
+.gpg.change_passwd.empty.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keyedit.save.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keyedit.cancel.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Válaszoljon "igen"-nel, ha valóban törölni akarja ezt a felhasználóazonosítót!
+Minden igazolás törlődik vele együtt!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Válaszoljon "igen"-nel, ha az alkulcs törölhető.
+.
+
+.gpg.keyedit.delsig.valid
+Ez egy érvényes aláírás a kulcson. Normál esetben nincs értelme
+törölni, mert fontos lehet ahhoz, hogy érvényesítse ezt a kulcsot,
+vagy egy másikat, melyet ezzel a kulccsal igazolnak.
+.
+
+.gpg.keyedit.delsig.unknown
+Ezt az aláírást nem tudom ellenőrizni, mert nincs meg a hozzá tartozó
+kulcs. Ajánlatos lenne elhalasztani a törlést addig, amíg meg nem tudja,
+hogy melyik kulcsot használták, mert ez az aláíró kulcs bizalmi
+kapcsolatot hozhat létre egy már hitelesített kulcson keresztül.
+.
+
+.gpg.keyedit.delsig.invalid
+Ez az aláírás nem érvényes. Értelmetlen eltávolítani a kulcskarikáról.
+.
+
+.gpg.keyedit.delsig.selfsig
+Ez egy olyan aláírás, amely összeköti a felhasználóazonosítót
+a kulccsal. Ãltalában nem jó ötlet egy ilyen aláírást eltávolítani.
+Az is lehetséges, hogy a GnuPG többé nem tudja használni ezt
+a kulcsot. Csak akkor tegye ezt, ha valami okból ez az önaláírás nem
+érvényes, és rendelkezésre áll egy másik!
+.
+
+.gpg.keyedit.updpref.okay
+Lecseréli az összes felhasználóazonosítóhoz (vagy csak a kijelöltekhez)
+tartozó preferenciákat az aktuális preferenciákra. Minden érintett
+önaláírás időpontját egy másodperccel növeli.
+
+.
+
+.gpg.passphrase.enter
+Kérem, adja meg a jelszót! Ezt egy titkos mondat.
+
+.
+
+.gpg.passphrase.repeat
+Kérem, ismételje meg az előző jelszót ellenőrzésképpen!
+.
+
+.gpg.detached_signature.filename
+Adja meg az állomány nevét, melyhez az aláírás tartozik!
+.
+
+.gpg.openfile.overwrite.okay
+Válaszoljon "igen"-nel, ha felülírható az állomány!
+.
+
+.gpg.openfile.askoutname
+Kérem, adjon meg egy új fájlnevet! Ha RETURN-t/ENTER-t nyom, akkor
+a szögletes zárójelben levő alapértelmezett nevet használom.
+.
+
+.gpg.ask_revocation_reason.code
+Ajánlatos megadni a visszavonás okát. A helyzettől függően válasszon
+a következő listából:
+ "A kulcs kompromittálódott."
+ Használja ezt akkor, ha oka van azt hinni, hogy titkos kulcsa
+ illetéktelen kezekbe került!
+ "A kulcsot lecserélték."
+ Használja ezt akkor, ha a kulcsot lecserélte egy újabbra!
+ "A kulcs már nem használatos."
+ Használja ezt akkor, ha már nem használja a kulcsot!
+ "A felhasználóazonosító már nem érvényes."
+ Használja ezt akkor, ha azt állítja, hogy a felhasználóazonosító
+ már nem használatos! Ãltalában érvénytelen e-mail címet jelent.
+
+.
+
+.gpg.ask_revocation_reason.text
+Ha akarja, megadhat egy szöveget, melyben megindokolja, hogy miért
+adta ki ezt a visszavonó igazolást. Kérem, fogalmazzon tömören!
+Egy üres sor jelzi a szöveg végét.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.id.txt b/doc/help.id.txt
new file mode 100644
index 0000000..ae9e808
--- /dev/null
+++ b/doc/help.id.txt
@@ -0,0 +1,251 @@
+# help.id.txt - id GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Terserah anda untuk memberi nilai baru di sini; nilai ini tidak akan diekspor
+ke pihak ketiga. Kami perlu untuk mengimplementasikan web-of-trust; tidak ada
+kaitan dengan (membuat secara implisit) web-of-certificates.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Untuk membuat Web-of-Trust, GnuPG perlu tahu kunci mana yang
+sangat dipercaya - mereka biasanya adalah kunci yang anda punya
+akses ke kunci rahasia. Jawab "yes" untuk menset kunci ini ke
+sangat dipercaya
+
+.
+
+.gpg.untrusted_key.override
+Jika anda ingin menggunakan kunci tidak terpercaya ini, jawab "ya".
+.
+
+.gpg.pklist.user_id.enter
+Masukkan ID user penerima pesan.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Secara umum bukan ide baik untuk menggunakan kunci yang sama untuk menandai dan
+mengenkripsi. Algoritma ini seharusnya digunakan dalam domain tertentu.
+Silakan berkonsultasi dulu dengan ahli keamanan anda.
+.
+
+.gpg.keygen.size
+Masukkan ukuran kunci
+.
+
+.gpg.keygen.size.huge.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.size.large.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.valid
+Masukkan nilai yang diperlukan seperti pada prompt.
+Dapat digunakan format (YYYY-MM-DD) untuk mengisi tanggal ISO tetapi anda
+tidak akan mendapat respon kesalahan yang baik - sebaiknya sistem akan
+berusaha menginterprestasi nilai yang diberikan sebagai sebuah interval.
+.
+
+.gpg.keygen.valid.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.name
+Masukkan nama pemegang kunci
+.
+
+.gpg.keygen.email
+silakan masukkan alamat email (pilihan namun sangat dianjurkan)
+.
+
+.gpg.keygen.comment
+Silakan masukkan komentar tambahan
+.
+
+.gpg.keygen.userid.cmd
+N untuk merubah nama.
+K untuk merubah komentar.
+E untuk merubah alamat email.
+O untuk melanjutkan dengan pembuatan kunci.
+K untuk menghentikan pembuatan kunci.
+.
+
+.gpg.keygen.sub.okay
+Jawab "ya" (atau "y") jika telah siap membuat subkey.
+.
+
+.gpg.sign_uid.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.sign_uid.class
+Ketika anda menandai user ID pada kunci, anda perlu memverifikasi bahwa kunci
+milik orang yang disebut dalam user ID. Ini penting bagi orang lain untuk tahu
+seberapa cermat anda memverifikasi ini.
+
+"0" berarti anda tidak melakukan klaim tentang betapa cermat anda memverifikasi kunci.
+
+"1" berarti anda percaya bahwa kunci dimiliki oleh orang yang mengklaim memilikinya
+ namun anda tidak dapat, atau tidak memverifikasi kunci sama sekali. Hal ini bergunabagi
+ verifikasi "persona", yaitu anda menandai kunci user pseudonymous
+
+"2" berarti anda melakukan verifikasi kasual atas kunci. Sebagai contoh, halini dapat
+ berarti bahwa anda memverifikasi fingerprint kunci dan memeriksa user ID pada kunci
+ dengan photo ID.
+
+"3" berarti anda melakukan verifikasi ekstensif atas kunci. Sebagai contoh, hal ini
+ dapat berarti anda memverifikasi fingerprint kunci dengan pemilik kunci
+ secara personal, dan anda memeriksa, dengan menggunakan dokumen yang sulit dipalsukan yang memiliki
+ photo ID (seperti paspor) bahwa nama pemilik kunci cocok dengan
+ nama user ID kunci, dan bahwa anda telah memverifikasi (dengan pertukaran
+ email) bahwa alamat email pada kunci milik pemilik kunci.
+
+Contoh-contoh pada level 2 dan 3 hanyalah contoh.
+Pada akhirnya, terserah anda untuk memutuskan apa arti "kasual" dan "ekstensif"
+bagi anda ketika menandai kunci lain.
+
+Jika anda tidak tahu jawaban yang tepat, jawab "0".
+.
+
+.gpg.change_passwd.empty.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keyedit.save.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keyedit.cancel.okay
+Jawab "ya" atau "tidak"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Jawab "ya" jika anda benar-benar ingin menghapus ID user ini.
+Seluruh sertifikat juga akan hilang!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Jawab "ya" jika ingin menghapus subkey
+.
+
+.gpg.keyedit.delsig.valid
+Ini adalah signature valid untuk kunci; anda normalnya tdk ingin menghapus
+signature ini karena mungkin penting membangun koneksi trust ke kunci atau
+ke kunci tersertifikasi lain dengan kunci ini.
+.
+
+.gpg.keyedit.delsig.unknown
+Signature ini tidak dapat diperiksa karena anda tidak memiliki kunci
+korespondennya. Anda perlu menunda penghapusannya hingga anda tahu
+kunci yang digunakan karena kunci penanda ini mungkin membangun suatu
+koneksi trust melalui kunci yang telah tersertifikasi lain.
+.
+
+.gpg.keyedit.delsig.invalid
+Signature tidak valid. Adalah hal yang masuk akal untuk menghapusnya dari
+keyring anda
+.
+
+.gpg.keyedit.delsig.selfsig
+Ini adalah signature yang menghubungkan ID pemakai ke kunci. Biasanya
+bukan ide yang baik untuk menghapus signature semacam itu. Umumnya
+GnuPG tidak akan dapat menggunakan kunci ini lagi. Sehingga lakukan hal
+ini bila self-signature untuk beberapa alasan tidak valid dan
+tersedia yang kedua.
+.
+
+.gpg.keyedit.updpref.okay
+Rubah preferensi seluruh user ID (atau hanya yang terpilih)
+ke daftar preferensi saat ini. Timestamp seluruh self-signature
+yang terpengaruh akan bertambah satu detik.
+
+.
+
+.gpg.passphrase.enter
+Silakan masukkan passphrase; ini kalimat rahasia
+
+.
+
+.gpg.passphrase.repeat
+Silakan ulangi passphrase terakhir, sehingga anda yakin yang anda ketikkan.
+.
+
+.gpg.detached_signature.filename
+Beri nama file tempat berlakunya signature
+.
+
+.gpg.openfile.overwrite.okay
+Jawab "ya" jika tidak apa-apa menimpa file
+.
+
+.gpg.openfile.askoutname
+Silakan masukan nama file baru. Jika anda hanya menekan RETURN nama
+file baku (yang diapit tanda kurung) akan dipakai.
+.
+
+.gpg.ask_revocation_reason.code
+Anda harus menspesifikasikan alasan pembatalan. Semua ini tergantung
+konteks, anda dapat memilih dari daftar berikut:
+ "Key has been compromised"
+ Gunakan ini jika anda punya alasan untuk percaya bahwa orang yang tidak berhak
+ memiliki akses ke kunci pribadi anda.
+ "Key is superseded"
+ Gunakan ini bila anda mengganti kunci anda dengan yang baru.
+ "Key is no longer used"
+ Gunakan ini bila anda telah mempensiunkan kunci ini.
+ "User ID is no longer valid"
+ Gunakan ini untuk menyatakan user ID tidak boleh digunakan lagi;
+ normalnya digunakan untuk menandai bahwa alamat email tidak valid lagi.
+
+.
+
+.gpg.ask_revocation_reason.text
+Jika anda suka, anda dapat memasukkan teks menjelaskan mengapa anda
+mengeluarkan sertifikat pembatalan ini. Buatlah ringkas.
+Baris kosong mengakhiri teks.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.it.txt b/doc/help.it.txt
new file mode 100644
index 0000000..db6127f
--- /dev/null
+++ b/doc/help.it.txt
@@ -0,0 +1,251 @@
+# help.it.txt - Italian GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+E compito tuo assegnare un valore; questo valore non sarà mai esportato a
+terzi. Ci serve per implementare il web-of-trust; non ha nulla a che fare
+con il web-of-certificates (creato implicitamente).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Per costruire il Web-Of-Trust, GnuPG ha bisogno di sapere quali chiavi sono
+definitivamente affidabili - di solito quelle per cui hai accesso alla chiave
+segreta.
+Rispondi "sì" per impostare questa chiave come definitivamente affidabile
+
+.
+
+.gpg.untrusted_key.override
+Se vuoi usare comunque questa chiave non fidata, rispondi "si".
+.
+
+.gpg.pklist.user_id.enter
+Inserisci l'user ID del destinatario a cui vuoi mandare il messaggio.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+In generale non è una buona idea usare la stessa chiave per le firme e la
+cifratura. Questo algoritmo dovrebbe solo essere usato in determinati campi.
+Per favore consulta prima il tuo esperto di sicurezza.
+.
+
+.gpg.keygen.size
+Inserisci le dimensioni della chiave
+.
+
+.gpg.keygen.size.huge.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.size.large.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.valid
+Inserisci il valore richiesto come indicato dal prompt.
+È possibile inserire una data in formato ISO (YYYY-MM-DD) ma non avrai un
+messaggio di errore corretto: il sistema cerca di interpretare il valore
+dato come un intervallo.
+.
+
+.gpg.keygen.valid.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.name
+Inserisci il nome del proprietario della chiave
+.
+
+.gpg.keygen.email
+Inserisci un indirizzo di email opzionale (ma fortemente suggerito)
+.
+
+.gpg.keygen.comment
+Inserisci un commento opzionale
+.
+
+.gpg.keygen.userid.cmd
+N per cambiare il nome.
+C per cambiare il commento.
+E per cambiare l'indirizzo di email.
+O per continuare con la generazione della chiave.
+Q per abbandonare il processo di generazione della chiave.
+.
+
+.gpg.keygen.sub.okay
+Rispondi "si" (o "y") se va bene generare la subchiave.
+.
+
+.gpg.sign_uid.okay
+Rispondi "si" o "no"
+.
+
+.gpg.sign_uid.class
+Quando firmi l'user ID di una chiave dovresti prima verificare che questa
+appartiene alla persona indicata nell'user ID. È utile agli altri sapere
+con quanta attenzione lo hai verificato.
+
+"0" significa che non fai particolari affermazioni sull'attenzione con cui
+ hai ferificato la chiave.
+
+"1" significa che credi che la chiave sia posseduta dalla persona che dice di
+ possederla, ma non hai o non hai potuto verificare per niente la chiave.
+
+"2" significa che hai fatto una verifica superficiale della chiave. Per esempio
+ potrebbe significare che hai verificato l'impronta digitale e confrontato
+ l'user ID della chiave con un documento di identità con fotografia.
+
+"3" significa che hai fatto una verifica approfondita della chiave. Per esempio
+ potrebbe significare che hai verificato di persona l'impronta digitale con
+ il possessore della chiave e hai controllato, per esempio per mezzo di
+ un documento di identità con fotografia difficile da falsificare (come
+ un passaporto), che il nome del proprietario della chiave corrisponde a
+ quello nell'user ID della chiave, e per finire che hai verificato
+ (scambiando dei messaggi) che l'indirizzo di email sulla chiave appartiene
+ al proprietario.
+
+Nota che gli esempi indicati per i livelli 2 e 3 sono *solo* esempi. Alla fine
+sta a te decidere cosa significano "superficiale" e "approfondita" quando
+firmi chiavi di altri.
+
+Se non sai cosa rispondere, rispondi "0".
+.
+
+.gpg.change_passwd.empty.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keyedit.save.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keyedit.cancel.okay
+Rispondi "si" o "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Rispondi "si" se vuoi davvero cancellare questo user ID.
+Tutti i certificati saranno persi!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Rispondi "si" se va bene cancellare la subchiave
+.
+
+.gpg.keyedit.delsig.valid
+Questa è una firma valida per la chiave. Normalmente non vorresti cancellare
+questa firma perchè può essere importante per stabilire una connessione di
+fiducia alla chiave o a un'altra chiave certificata da questa chiave.
+.
+
+.gpg.keyedit.delsig.unknown
+Questa firma non può essere verificata perchè non hai la chiave corrispondente.
+Dovresti rimandare la sua cancellazione finchè non saprai quale chiave è stata
+usata perchè questa chiave potrebbe stabilire una connessione di fiducia
+attraverso una chiave già certificata.
+.
+
+.gpg.keyedit.delsig.invalid
+La firma non è valida. Ha senso rimuoverla dal tuo portachiavi.
+.
+
+.gpg.keyedit.delsig.selfsig
+Questa è una firma che collega l'user id alla chiave. Solitamente non è una
+buona idea rimuovere questo tipo di firma. In realtà GnuPG potrebbe non essere
+più in grado di usare questa chiave. Quindi fallo solo se questa autofirma non
+è valida per qualche ragione e ne è disponibile un'altra.
+.
+
+.gpg.keyedit.updpref.okay
+Cambia le preferenze di tutti gli user ID (o solo di quelli selezionati) con
+la lista di preferenze corrente. L'orario di tutte le autofirme coinvolte
+sarà aumentato di un secondo.
+
+.
+
+.gpg.passphrase.enter
+Inserisci la passphrase, cioè una frase segreta
+
+.
+
+.gpg.passphrase.repeat
+Ripeti l'ultima passphrase per essere sicuro di cosa hai scritto.
+.
+
+.gpg.detached_signature.filename
+Inserisci il nome del file a cui si riferisce la firma.
+.
+
+.gpg.openfile.overwrite.okay
+Rispondi "si" se va bene sovrascrivere il file.
+.
+
+.gpg.openfile.askoutname
+Inserisci il nuovo nome del file. Se premi INVIO sarà usato il nome
+predefinito (quello indicato tra parentesi).
+.
+
+.gpg.ask_revocation_reason.code
+Dovresti specificare un motivo per questa certificazione. A seconda del
+contesto hai la possibilità di scegliere tra questa lista:
+ "Key has been compromised"
+ Usa questo se hai un motivo per credere che una persona non autorizzata
+ abbia avuto accesso alla tua chiave segreta.
+ "Key is superseded"
+ Usa questo se hai sostituito questa chiave con una più recente.
+ "Key is no longer used"
+ Usa questo se hai mandato in pensione questa chiave.
+ "User ID is no longer valid"
+ Usa questo per affermare che l'user ID non dovrebbe più essere usato;
+ solitamente è usato per indicare un indirizzo di email non valido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se vuoi, puoi digitare un testo che descrive perché hai emesso
+questo certificato di revoca. Per favore sii conciso.
+Una riga vuota termina il testo.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ja.txt b/doc/help.ja.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.ja.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.nb.txt b/doc/help.nb.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.nb.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pl.txt b/doc/help.pl.txt
new file mode 100644
index 0000000..ef719a8
--- /dev/null
+++ b/doc/help.pl.txt
@@ -0,0 +1,250 @@
+# help.pl.txt - pl GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Te wartości użytkownik przydziela wg swojego uznania; nie będą nigdy
+eksportowane poza ten system. Potrzebne sÄ… one do zbudowania sieci
+zaufania, i nie ma to nic wspólnego z tworzoną automatycznie siecią
+certyfikatów.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Aby zbudować Sieć Zaufania, GnuPG potrzebuje znać klucze do których
+masz absolutne zaufanie. Zwykle są to klucze do których masz klucze
+tajne. Odpowiedz ,,tak'', jeśli chcesz określić ten klucz jako klucz
+do którego masz absolutne zaufanie.
+
+.
+
+.gpg.untrusted_key.override
+Jeśli mimo wszystko chcesz użyć tego klucza, klucza, co do którego nie ma
+żadnej pewności do kogo należy, odpowiedz ,,tak''.
+.
+
+.gpg.pklist.user_id.enter
+Podaj adresatów tej wiadomości.
+.
+
+.gpg.keygen.algo
+Proszę wybrać algorytm.
+
+DSA (znany także jako DSS) to algorytm podpisu cyfrowego (Digital Signature
+Algorithm) i może być używany tylko do podpisów.
+
+Elgamal to algorytm tylko do szyfrowania.
+
+RSA może być używany do podpisów lub szyfrowania.
+
+Pierwszy (główny) klucz zawsze musi być kluczem nadającym się do podpisywania.
+.
+
+.gpg.keygen.algo.rsa_se
+Używanie tego samego klucza do podpisywania i szyfrowania nie jest dobrym
+pomysłem. Można tak postępować tylko w niektórych zastosowaniach. Proszę się
+najpierw skonsultować z ekspertem od bezpieczeństwa.
+.
+
+.gpg.keygen.size
+Wprowadź rozmiar klucza
+.
+
+.gpg.keygen.size.huge.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keygen.size.large.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keygen.valid
+Wprowadź żądaną wartość (jak w znaku zachęty).
+Można tu podać datę w formacie ISO (RRRR-MM-DD) ale nie da to
+właściwej obsługi błędów - system próbuje interpretować podaną wartość
+jako okres.
+.
+
+.gpg.keygen.valid.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keygen.name
+Nazwa właściciela klucza.
+.
+
+.gpg.keygen.email
+proszę wprowadzić opcjonalny ale wysoce doradzany adres e-mail
+.
+
+.gpg.keygen.comment
+Proszę wprowadzić opcjonalny komentarz
+.
+
+.gpg.keygen.userid.cmd
+N aby zmienić nazwę (nazwisko).
+C aby zmienić komentarz.<
+E aby zmienić adres e-mail.
+O aby kontynuować tworzenie klucza.
+Q aby zrezygnować z tworzenia klucza.
+.
+
+.gpg.keygen.sub.okay
+Jeśli ma zostać wygenerowany podklucz, należy odpowiedzieć "tak".
+.
+
+.gpg.sign_uid.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.sign_uid.class
+Przy podpisywaniu identyfikatora użytkownika na kluczu należy sprawdzić,
+czy tożsamość użytkownika odpowiada temu, co jest wpisane w identyfikatorze.
+Innym użytkownikom przyda się informacja, jak dogłębnie zostało to przez
+Ciebie sprawdzone.
+
+"0" oznacza, że nie podajesz żadnych informacji na temat tego jak dogłębnie
+ tożsamość użytkownika została przez Ciebie potwierdzona.
+
+"1" oznacza, że masz przekonanie, że tożsamość użytkownika odpowiada
+ identyfikatorowi klucza, ale nie było możliwości sprawdzenia tego.
+ Taka sytuacja występuje też kiedy podpisujesz identyfikator będący
+ pseudonimem.
+
+"2" oznacza, że tożsamość użytkownika została przez Ciebie potwierdzona
+ pobieżnie - sprawdziliście odcisk klucza, sprawdziłaś/eś tożsamość
+ na okazanym dokumencie ze zdjęciem.
+
+"3" to dogłębna weryfikacja tożsamości. Na przykład sprawdzenie odcisku
+ klucza, sprawdzenie tożsamości z okazanego oficjalnego dokumentu ze
+ zdjęciem (np paszportu) i weryfikacja poprawności adresu poczty
+ elektronicznej przez wymianÄ™ poczty z tym adresem.
+
+Zauważ, że podane powyżej przykłady dla poziomów "2" i "3" to *tylko*
+przykłady. Do Ciebie należy decyzja co oznacza "pobieżny" i "dogłębny" w
+kontekście poświadczania i podpisywania kluczy.
+
+Jeśli nie wiesz co odpowiedzieć, podaj "0".
+.
+
+.gpg.change_passwd.empty.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keyedit.save.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keyedit.cancel.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keyedit.sign_all.okay
+Odpowiedz "tak", aby podpisać WSZYSTKIE identyfikatory użytkownika.
+.
+
+.gpg.keyedit.remove.uid.okay
+Aby skasować ten identyfikator użytkownika (co wiąże się ze utratą
+wszystkich jego poświadczeń!) należy odpowiedzieć ,,tak''.
+.
+
+.gpg.keyedit.remove.subkey.okay
+Aby skasować podklucz należy odpowiedzieć "tak".
+.
+
+.gpg.keyedit.delsig.valid
+To jest poprawny podpis na tym kluczu; normalnie nie należy go usuwać
+ponieważ może być ważny dla zestawienia połączenia zaufania do klucza
+którym go złożono lub do innego klucza nim poświadczonego.
+.
+
+.gpg.keyedit.delsig.unknown
+Ten podpis nie może zostać potwierdzony ponieważ nie ma
+odpowiadającego mu klucza publicznego. Należy odłożyć usunięcie tego
+podpisu do czasu, kiedy okaże się który klucz został użyty, ponieważ
+w momencie uzyskania tego klucza może pojawić się ścieżka zaufania
+pomiędzy tym a innym, już poświadczonym kluczem.
+.
+
+.gpg.keyedit.delsig.invalid
+Ten podpis jest niepoprawny. Można usunąć go ze zbioru kluczy.
+.
+
+.gpg.keyedit.delsig.selfsig
+To jest podpis wiążący identyfikator użytkownika z kluczem. Nie należy
+go usuwać - GnuPG może nie móc posługiwać się dalej kluczem bez
+takiego podpisu. Bezpiecznie można go usunąć tylko jeśli ten podpis
+klucza nim samym z jakichÅ› przyczyn nie jest poprawny, i klucz jest
+drugi raz podpisany w ten sam sposób.
+.
+
+.gpg.keyedit.updpref.okay
+Przestawienie wszystkich (lub tylko wybranych) identyfikatorów na aktualne
+ustawienia. Data na odpowiednich podpisach zostane przesunięta do przodu o
+jednÄ… sekundÄ™.
+
+.
+
+.gpg.passphrase.enter
+Podaj długie, skomplikowane hasło, np. całe zdanie.
+
+.
+
+.gpg.passphrase.repeat
+Proszę powtórzyć hasło, aby upewnić się że nie było pomyłki.
+.
+
+.gpg.detached_signature.filename
+Podaj nazwę pliku którego dotyczy ten podpis
+.
+
+.gpg.openfile.overwrite.okay
+Jeśli można nadpisać ten plik, należy odpowiedzieć ,,tak''
+.
+
+.gpg.openfile.askoutname
+Nazwa pliku. Naciśnięcie ENTER potwierdzi nazwę domyślną (w nawiasach).
+.
+
+.gpg.ask_revocation_reason.code
+Nalezy podać powód unieważnienia klucza. W zależności od kontekstu można
+go wybrać z listy:
+ "Klucz został skompromitowany"
+ Masz powody uważać że twój klucz tajny dostał się w niepowołane ręce.
+ "Klucz został zastąpiony"
+ Klucz został zastąpiony nowym.
+ "Klucz nie jest już używany"
+ Klucz został wycofany z użycia.
+ "Identyfikator użytkownika przestał być poprawny"
+ Identyfikator użytkownika (najczęściej adres e-mail przestał być
+ poprawny.
+
+.
+
+.gpg.ask_revocation_reason.text
+Jeśli chcesz, możesz podać opis powodu wystawienia certyfikatu
+unieważnienia. Opis powinien byc zwięzły.
+Pusta linia kończy wprowadzanie tekstu.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pt.txt b/doc/help.pt.txt
new file mode 100644
index 0000000..dac17c0
--- /dev/null
+++ b/doc/help.pt.txt
@@ -0,0 +1,253 @@
+# help.pt.txt - pt GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Você decide que valor usar aqui; este valor nunca será exportado para
+terceiros. Precisamos dele implementar a rede de confiança, que não tem
+nada a ver com a rede de certificados (implicitamente criada).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de
+saber quais são as chaves em que deposita confiança absoluta - normalmente
+estas são as chaves a que tem acesso à chave privada. Responda "sim" para
+que esta chave seja de confiança absoluta.
+
+.
+
+.gpg.untrusted_key.override
+Se você quiser usar esta chave, não de confiança, assim mesmo, responda "sim".
+.
+
+.gpg.pklist.user_id.enter
+Digite o ID de utilizador do destinatário para quem quer enviar a
+mensagem.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Em geral não é uma boa ideia utilizar a mesma chave para assinar e para
+cifrar. Este algoritmo só deve ser utilizado em alguns domínios.
+Por favor consulte primeiro o seu perito em segurança.
+.
+
+.gpg.keygen.size
+Insira o tamanho da chave
+.
+
+.gpg.keygen.size.huge.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.size.large.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.valid
+Digite o valor necessário conforme pedido.
+É possível digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa
+reacção a erros - o sistema tentará interpretar o valor dado como um intervalo.
+.
+
+.gpg.keygen.valid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.name
+Digite o nome do possuidor da chave
+.
+
+.gpg.keygen.email
+por favor digite um endereço de email (opcional mas recomendado)
+.
+
+.gpg.keygen.comment
+Por favor digite um comentário (opcional)
+.
+
+.gpg.keygen.userid.cmd
+N para mudar o nome.
+C para mudar o comentário.
+E para mudar o endereço de email
+O para continuar a geração da chave.
+S para interromper a geração da chave.
+.
+
+.gpg.keygen.sub.okay
+Responda "sim" (ou apenas "s") se quiser gerar a subchave.
+.
+
+.gpg.sign_uid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.sign_uid.class
+Quando assina uma chave de identificação de um utilizador, deve primeiro
+verificar que a chave pertence realmente à pessoa em questão. É útil para
+terceiros saberem com que cuidado é que efectuou esta verificação.
+
+"0" significa que não deseja declarar a forma com verificou a chave
+
+"1" significa que acredita que a chave pertence à pessoa em questão, mas
+ não conseguiu ou não tentou verificar. Este grau é útil para quando
+ assina a chave de uma utilizador pseudo-anónimo.
+
+"2" significa que efectuou uma verificação normal da chave. Por exemplo,
+ isto pode significar que verificou a impressão digital da chave e
+ verificou o identificador de utilizador da chave contra uma identificação
+ fotográfica.
+
+"3" significa que efectuou uma verificação exaustiva da chave. Por exemplo,
+ isto pode significar que efectuou a verificação pessoalmente, e que
+ utilizou um documento, com fotografia, difícil de falsificar
+ (como por exemplo um passaporte) que o nome do dono da chave é o
+ mesmo do que o identificador da chave, e que, finalmente, verificou
+ (através de troca de e-mail) que o endereço de email da chave pertence
+ ao done da chave.
+
+Atenção: os exemplos dados para os níveis 2 e 3 são *apenas* exemplos.
+Compete-lhe a si decidir o que considera, ao assinar chaves, uma verificação
+"normal" e uma verificação "exaustiva".
+
+Se não sabe qual é a resposta correcta, responda "0".
+.
+
+.gpg.change_passwd.empty.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.save.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.cancel.okay
+Responda "sim" ou "não"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Responda "sim" se quiser realmente remover este ID de utilizador.
+Todos os certificados também serão perdidos!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Responda "sim" se quiser remover a subchave
+.
+
+.gpg.keyedit.delsig.valid
+Esta é uma assinatura válida na chave; normalmente não é desejável
+remover esta assinatura porque ela pode ser importante para estabelecer
+uma conexão de confiança à chave ou a outra chave certificada por esta.
+.
+
+.gpg.keyedit.delsig.unknown
+Esta assinatura não pode ser verificada porque você não tem a chave
+correspondente. Você deve adiar sua remoção até saber que chave foi usada
+porque a chave desta assinatura pode estabelecer uma conexão de confiança
+através de outra chave já certificada.
+.
+
+.gpg.keyedit.delsig.invalid
+A assinatura não é válida. Faz sentido removê-la do seu porta-chaves.
+.
+
+.gpg.keyedit.delsig.selfsig
+Esta é uma assinatura que liga o ID de utilizador à chave. Geralmente
+não é uma boa idéia remover tal assinatura. É possível que o GnuPG
+não consiga mais usar esta chave. Faça isto apenas se por alguma
+razão esta auto-assinatura não for válida e há uma segunda disponível.
+.
+
+.gpg.keyedit.updpref.okay
+Muda as preferências de todos os identificadores de utilizadores
+(ou apenas dos seleccionados) para a lista actual de preferências.
+O 'timestamp' de todas as auto-assinaturas afectuadas será avançado
+em um segundo.
+
+.
+
+.gpg.passphrase.enter
+Por favor digite a frase secreta
+
+.
+
+.gpg.passphrase.repeat
+Por favor repita a frase secreta, para ter certeza do que digitou.
+.
+
+.gpg.detached_signature.filename
+Dê o nome para o ficheiro ao qual a assinatura se aplica
+.
+
+.gpg.openfile.overwrite.okay
+Responda "sim" se quiser escrever por cima do ficheiro
+.
+
+.gpg.openfile.askoutname
+Por favor digite um novo nome de ficheiro. Se você apenas carregar em RETURN
+o ficheiro por omissão (que é mostrado entre parênteses) será utilizado.
+.
+
+.gpg.ask_revocation_reason.code
+Deve especificar uma razão para a emissão do certificado. Dependendo no
+contexto, pode escolher as seguintes opções desta lista:
+ "A chave foi comprometida"
+ Utilize esta opção se tem razões para acreditar que indivíduos não
+ autorizados obtiveram acesso à sua chave secreta.
+ "A chave foi substituida"
+ Utilize esta opção se substituiu esta chave com uma mais recente.
+ "A chave já não é utilizada"
+ Utilize esta opção se já não utiliza a chave.
+ "O identificador do utilizador já não é válido"
+ Utilize esta opção para comunicar que o identificador do utilizador
+ não deve ser mais utilizado; normalmente utilizada para indicar
+ que um endereço de email é inválido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se desejar, pode inserir uma texto descrevendo a razão pela qual criou
+este certificado de revogação. Por favor mantenha este texto conciso.
+Uma linha vazia termina o texto.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pt_BR.txt b/doc/help.pt_BR.txt
new file mode 100644
index 0000000..25a23c3
--- /dev/null
+++ b/doc/help.pt_BR.txt
@@ -0,0 +1,253 @@
+# help.pt_BR.txt - Brazilian GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Você decide que valor usar aqui; este valor nunca será exportado para
+terceiros. Precisamos dele implementar a rede de confiança, que não tem
+nada a ver com a rede de certificados (implicitamente criada).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de
+saber quais são as chaves em que deposita confiança absoluta - normalmente
+estas são as chaves a que tem acesso à chave privada. Responda "sim" para
+que esta chave seja de confiança absoluta.
+
+.
+
+.gpg.untrusted_key.override
+Se você quiser usar esta chave não confiável assim mesmo, responda "sim".
+.
+
+.gpg.pklist.user_id.enter
+Digite o ID de usuário do destinatário para o qual você quer enviar a
+mensagem.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Em geral não é uma boa ideia utilizar a mesma chave para assinar e para
+cifrar. Este algoritmo só deve ser utilizado em alguns domínios.
+Por favor consulte primeiro o seu perito em segurança.
+.
+
+.gpg.keygen.size
+Digite o tamanho da chave
+.
+
+.gpg.keygen.size.huge.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.size.large.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.valid
+Digite o valor necessário conforme pedido.
+É possível digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa
+reação a erros - o sistema tentará interpretar o valor dado como um intervalo.
+.
+
+.gpg.keygen.valid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.name
+Digite o nome do possuidor da chave
+.
+
+.gpg.keygen.email
+por favor digite um endereço de email (opcional mas recomendado)
+.
+
+.gpg.keygen.comment
+Por favor digite um comentário (opcional)
+.
+
+.gpg.keygen.userid.cmd
+N para mudar o nome.
+C para mudar o comentário.
+E para mudar o endereço de correio eletrônico.
+O para continuar a geração da chave.
+S para interromper a geração da chave.
+.
+
+.gpg.keygen.sub.okay
+Responda "sim" (ou apenas "s") se quiser gerar a subchave.
+.
+
+.gpg.sign_uid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.sign_uid.class
+Quando assina uma chave de identificação de um utilizador, deve primeiro
+verificar que a chave pertence realmente à pessoa em questão. É útil para
+terceiros saberem com que cuidado é que efectuou esta verificação.
+
+"0" significa que não deseja declarar a forma com verificou a chave
+
+"1" significa que acredita que a chave pertence à pessoa em questão, mas
+ não conseguiu ou não tentou verificar. Este grau é útil para quando
+ assina a chave de uma utilizador pseudo-anónimo.
+
+"2" significa que efectuou uma verificação normal da chave. Por exemplo,
+ isto pode significar que verificou a impressão digital da chave e
+ verificou o identificador de utilizador da chave contra uma identificação
+ fotográfica.
+
+"3" significa que efectuou uma verificação exaustiva da chave. Por exemplo,
+ isto pode significar que efectuou a verificação pessoalmente, e que
+ utilizou um documento, com fotografia, difícil de falsificar
+ (como por exemplo um passaporte) que o nome do dono da chave é o
+ mesmo do que o identificador da chave, e que, finalmente, verificou
+ (através de troca de e-mail) que o endereço de email da chave pertence
+ ao done da chave.
+
+Atenção: os exemplos dados para os níveis 2 e 3 são *apenas* exemplos.
+Compete-lhe a si decidir o que considera, ao assinar chaves, uma verificação
+"normal" e uma verificação "exaustiva".
+
+Se não sabe qual é a resposta correcta, responda "0".
+.
+
+.gpg.change_passwd.empty.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.save.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.cancel.okay
+Responda "sim" ou "não"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Responda "sim" se quiser realmente remover este ID de usuário.
+Todos os certificados também serão perdidos!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Responda "sim" se quiser remover a subchave
+.
+
+.gpg.keyedit.delsig.valid
+Esta é uma assinatura válida na chave; normalmente não é desejável
+remover esta assinatura porque ela pode ser importante para estabelecer
+uma conexão de confiança à chave ou a outra chave certificada por esta.
+.
+
+.gpg.keyedit.delsig.unknown
+Esta assinatura não pode ser verificada porque você não tem a chave
+correspondente. Você deve adiar sua remoção até saber que chave foi usada
+porque a chave desta assinatura pode estabelecer uma conexão de confiança
+através de outra chave já certificada.
+.
+
+.gpg.keyedit.delsig.invalid
+A assinatura não é válida. Faz sentido removê-la de seu chaveiro.
+.
+
+.gpg.keyedit.delsig.selfsig
+Esta é uma assinatura que liga o ID de usuário à chave. Geralmente
+não é uma boa idéia remover tal assinatura. É possível que o GnuPG
+não consiga mais usar esta chave. Faça isto apenas se por alguma
+razão esta auto-assinatura não for válida e há uma segunda disponível.
+.
+
+.gpg.keyedit.updpref.okay
+Muda as preferências de todos os identificadores de utilizadores
+(ou apenas dos seleccionados) para a lista actual de preferências.
+O 'timestamp' de todas as auto-assinaturas afectuadas será avançado
+em um segundo.
+
+.
+
+.gpg.passphrase.enter
+Por favor digite a frase secreta
+
+.
+
+.gpg.passphrase.repeat
+Por favor repita a última frase secreta, para ter certeza do que você digitou.
+.
+
+.gpg.detached_signature.filename
+Dê o nome para o arquivo ao qual a assinatura se aplica
+.
+
+.gpg.openfile.overwrite.okay
+Responda "sim" se quiser sobrescrever o arquivo
+.
+
+.gpg.openfile.askoutname
+Por favor digite um novo nome de arquivo. Se você apenas apertar RETURN o
+arquivo padrão (que é mostrado em colchetes) será usado.
+.
+
+.gpg.ask_revocation_reason.code
+Deve especificar uma razão para a emissão do certificado. Dependendo no
+contexto, pode escolher as seguintes opções desta lista:
+ "A chave foi comprometida"
+ Utilize esta opção se tem razões para acreditar que indivíduos não
+ autorizados obtiveram acesso à sua chave secreta.
+ "A chave foi substituida"
+ Utilize esta opção se substituiu esta chave com uma mais recente.
+ "A chave já não é utilizada"
+ Utilize esta opção se já não utiliza a chave.
+ "O identificador do utilizador já não é válido"
+ Utilize esta opção para comunicar que o identificador do utilizador
+ não deve ser mais utilizado; normalmente utilizada para indicar
+ que um endereço de email é inválido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se desejar, pode inserir uma texto descrevendo a razão pela qual criou
+este certificado de revogação. Por favor mantenha este texto conciso.
+Uma linha vazia termina o texto.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ro.txt b/doc/help.ro.txt
new file mode 100644
index 0000000..f655fdf
--- /dev/null
+++ b/doc/help.ro.txt
@@ -0,0 +1,251 @@
+# help.ro.txt - ro GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Este sarcina d-voastră să atribuiţi o valoare aici; această valoare
+nu va fi niciodată exportată pentru o terţă parte. Trebuie să
+implementăm reţeaua-de-încredere; aceasta nu are nimic în comun cu
+certificatele-de-reţea (create implicit).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Pentru a construi Reţeaua-de-Încredere, GnuPG trebuie să ştie care chei
+au nivel de încredere suprem - acestea de obicei sunt cheile pentru care
+aveţi acces la cheia secretă. Răspundeţi "da" pentru a seta
+această cheie cu nivel de încredere suprem
+
+.
+
+.gpg.untrusted_key.override
+Dacă doriţi oricum să folosiţi această cheie fără încredere, răspundeţi "da".
+.
+
+.gpg.pklist.user_id.enter
+Introduceţi ID-ul utilizator al destinatarului mesajului.
+.
+
+.gpg.keygen.algo
+Selectaţi algoritmul de folosit.
+
+DSA (aka DSS) este Digital Signature Algorithm ÅŸi poate fi folosit numai
+pentru semnături.
+
+Elgamal este un algoritm numai pentru cifrare.
+
+RSA poate fi folosit pentru semnături sau cifrare.
+
+Prima cheie (primară) trebuie să fie întotdeauna o cheie cu care se poate semna.
+.
+
+.gpg.keygen.algo.rsa_se
+În general nu este o idee bună să folosiţi aceeaşi cheie şi pentru
+semnare ÅŸi pentru cifrare. Acest algoritm ar trebui folosit numai
+în anumite domenii. Vă rugăm consultaţi mai întâi un expert în domeniu.
+.
+
+.gpg.keygen.size
+Introduceţi lungimea cheii
+.
+
+.gpg.keygen.size.huge.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keygen.size.large.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keygen.valid
+Introduceţi valoarea cerută precum a arătat la prompt.
+Este posibil să introduceţi o dată ISO (AAAA-LL-ZZ) dar nu veţi
+obţine un răspuns de eroare bun - în loc sistemul încearcă să
+interpreteze valoare dată ca un interval.
+.
+
+.gpg.keygen.valid.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keygen.name
+Introduceţi numele deţinătorului cheii
+.
+
+.gpg.keygen.email
+vă rugăm introduceţi o adresă de email (opţională dar recomandată)
+.
+
+.gpg.keygen.comment
+Vă rugăm introduceţi un comentriu opţional
+.
+
+.gpg.keygen.userid.cmd
+N pentru a schimba numele.
+C pentru a schimba comentariul.
+E pentru a schimba adresa de email.
+O pentru a continua cu generarea cheii.
+T pentru a termina generarea cheii.
+.
+
+.gpg.keygen.sub.okay
+Răspundeţi "da" (sau numai "d") dacă sunteţi OK să generaţi subcheia.
+.
+
+.gpg.sign_uid.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.sign_uid.class
+Când semnaţi un ID utilizator pe o cheie ar trebui să verificaţi mai întâi
+că cheia aparţine persoanei numite în ID-ul utilizator. Este util şi altora
+să ştie cât de atent aţi verificat acest lucru.
+
+"0" înseamnă că nu pretindeţi nimic despre cât de atent aţi verificat cheia
+"1" înseamnă că credeţi că cheia este a persoanei ce pretinde că este
+ proprietarul ei, dar n-aţi putut, sau nu aţi verificat deloc cheia.
+ Aceasta este utilă pentru verificare "persona", unde semnaţi cheia
+ unui utilizator pseudonim.
+
+"2" înseamnă că aţi făcut o verificare supericială a cheii. De exemplu,
+ aceasta ar putea însemna că aţi verificat amprenta cheii şi aţi verificat
+ ID-ul utilizator de pe cheie cu un ID cu poză.
+
+"3" înseamnă că aţi făcut o verificare extensivă a cheii. De exemplu,
+ aceasta ar putea însemna că aţi verificat amprenta cheii cu proprietarul
+ cheii în persoană, că aţi verificat folosind un document dificil de
+ falsificat cu poză (cum ar fi un paşaport) că numele proprietarului cheii
+ este acelaşi cu numele ID-ului utilizator al cheii şi că aţi verificat
+ (schimbând emailuri) că adresa de email de pe cheie aparţine proprietarului
+cheii.
+
+De notat că exemplele date pentru nivelele 2 şi 3 ceva mai sus sunt *numai*
+exemple. La urma urmei, d-voastră decideţi ce înseamnă "superficial" şi
+"extensiv" pentru d-voastră când semnaţi alte chei.
+
+Dacă nu ştiţi care este răspunsul, răspundeţi "0".
+.
+
+.gpg.change_passwd.empty.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keyedit.save.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keyedit.cancel.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keyedit.sign_all.okay
+Răspundeţi "da" dacă doriţi să semnaţi TOATE ID-urile utilizator
+.
+
+.gpg.keyedit.remove.uid.okay
+Răspundeţi "da" dacă într-adevăr doriţi să ştergeţi acest ID utilizator.
+Toate certificatele sunt de asemenea pierdute!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Răspundeţi "da" dacă este OK să ştergeţi subcheia
+.
+
+.gpg.keyedit.delsig.valid
+Aceasta este o semnătură validă pe cheie; în mod normal n-ar trebui
+să ştergeţi această semnătură pentru că aceasta ar putea fi importantăla stabilirea conexiunii de încredere la cheie sau altă cheie certificată
+de această cheie.
+.
+
+.gpg.keyedit.delsig.unknown
+Această semnătură nu poate fi verificată pentru că nu aveţi cheia
+corespunzătoare. Ar trebui să amânaţi ştergerea sa până ştiţi care
+cheie a fost folosită pentru că această cheie de semnare ar putea
+constitui o conexiune de încredere spre o altă cheie deja certificată.
+.
+
+.gpg.keyedit.delsig.invalid
+Semnătura nu este validă. Aceasta ar trebui ştearsă de pe inelul
+d-voastră de chei.
+.
+
+.gpg.keyedit.delsig.selfsig
+Aceasta este o semnătură care leagă ID-ul utilizator de cheie.
+De obicei nu este o idee bună să ştergeţi o asemenea semnătură.
+De fapt, GnuPG ar putea să nu mai poată folosi această cheie.
+Aşa că faceţi acest lucru numai dacă această auto-semnătură este
+dintr-o oarecare cauză invalidă şi o a doua este disponibilă.
+.
+
+.gpg.keyedit.updpref.okay
+Schimbaţi toate preferinţele ale tuturor ID-urilor utilizator (sau doar
+cele selectate) conform cu lista curentă de preferinţe. Timestamp-urile
+tuturor auto-semnăturilor afectate vor fi avansate cu o secundă.
+
+.
+
+.gpg.passphrase.enter
+Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă
+
+.
+
+.gpg.passphrase.repeat
+Vă rugăm repetaţi ultima frază-parolă, pentru a fi sigur(ă) ce aţi tastat.
+.
+
+.gpg.detached_signature.filename
+Daţi numele fişierului la care se aplică semnătura
+.
+
+.gpg.openfile.overwrite.okay
+Răspundeţi "da" dacă este OK să suprascrieţi fişierul
+.
+
+.gpg.openfile.askoutname
+Vă rugăm introduceţi un nou nume-fişier. Dacă doar apăsaţi RETURN,
+va fi folosit fişierul implicit (arătat în paranteze).
+.
+
+.gpg.ask_revocation_reason.code
+Ar trebui să specificaţi un motiv pentru certificare. În funcţie de
+context aveţi posibilitatea să alegeţi din această listă:
+ "Cheia a fost compromisă"
+ Folosiţi această opţiune dacă aveţi un motiv să credeţi că persoane
+ neautorizate au avut acces la cheia d-voastră secretă.
+ "Cheia este înlocuită"
+ Folosiţi această opţiune dacă înlocuiţi cheia cu una nouă.
+ "Cheia nu mai este folosită"
+ Folosiţi această opţiune dacă pensionaţi cheia.
+ "ID-ul utilizator nu mai este valid"
+ Folosiţi această opţiune dacă ID-ul utilizator nu mai trebuie folosit;
+ de obicei folosită pentru a marca o adresă de email ca invalidă.
+
+.
+
+.gpg.ask_revocation_reason.text
+Dacă doriţi, puteţi introduce un text descriind de ce publicaţi acest
+certificat de revocare. Vă rugăm fiţi concis.
+O linie goală termină textul.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ru.txt b/doc/help.ru.txt
new file mode 100644
index 0000000..bd4ae14
--- /dev/null
+++ b/doc/help.ru.txt
@@ -0,0 +1,250 @@
+# help.ru.txt - ru GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Ð’Ñ‹ должны ввеÑти здеÑÑŒ значение; оно никогда не будет ÑкÑпортировано
+третьей Ñтороне. Это необходимо Ð´Ð»Ñ Ñ€ÐµÐ°Ð»Ð¸Ð·Ð°Ñ†Ð¸Ð¸ Сети ДовериÑ;
+и не имеет ничего общего Ñ (неÑвно Ñозданной) Ñетью Ñертификатов.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Ð”Ð»Ñ Ð¿Ð¾ÑÑ‚Ñ€Ð¾ÐµÐ½Ð¸Ñ Ð¡ÐµÑ‚Ð¸ ДовериÑ, GnuPG должен знать, к каким ключам
+имеетÑÑ Ð°Ð±Ñолютное доверие - обычно Ñто ключи Ð´Ð»Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ñ… у Ð’Ð°Ñ ÐµÑÑ‚ÑŒ
+Ñекретный ключ. Ответьте "yes" Ð´Ð»Ñ Ð¿Ñ€Ð¸ÑÐ²Ð¾ÐµÐ½Ð¸Ñ Ð°Ð±Ñолютного довериÑ
+данному ключу
+
+.
+
+.gpg.untrusted_key.override
+ЕÑли хотите иÑпользовать данный недоверÑемый ключ - ответьте "yes".
+.
+
+.gpg.pklist.user_id.enter
+Введите User ID адреÑата, которому хотите отправить Ñообщение.
+.
+
+.gpg.keygen.algo
+Выберите алгоритм.
+
+DSA (aka DSS) - Digital Signature Algorithm может иÑпользоватьÑÑ
+только Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñей.
+
+Elgamal - алгоритм иÑпользуемый только Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ.
+
+RSA может иÑпользоватьÑÑ Ð¸ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи, и Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ.
+
+Первый (он же главный) ключ вÑегда должен быть подпиÑывающим.
+.
+
+.gpg.keygen.algo.rsa_se
+Обычно не рекомендуетÑÑ Ð¸Ñпользовать один ключ и Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи, и Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ.
+Данный алгоритм Ñледует иÑпользовтаь только в некоторых ÑлучаÑÑ….
+ПроконÑультируйтеÑÑŒ Ñ Ð’Ð°ÑˆÐ¸Ð¼ ÑкÑпертом по безопаÑноÑти перед тем,
+как иÑпользовать данный ключ.
+.
+
+.gpg.keygen.size
+Введите размер ключа
+.
+
+.gpg.keygen.size.huge.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keygen.size.large.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keygen.valid
+Введите требуемое значение, как показано в подÑказке.
+Можно ввеÑти дату в ISO формате (YYYY-MM-DD), но Ð’Ñ‹ не получите
+уведомление при ошибке в формате - вмеÑто Ñтого ÑиÑтема попробует
+интерпретировать введенное значение как интервал.
+.
+
+.gpg.keygen.valid.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keygen.name
+Введите Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° ключа
+.
+
+.gpg.keygen.email
+введите необÑзательный, но очень рекомендуемый email адреÑ
+.
+
+.gpg.keygen.comment
+Введите необÑзательный комментарий
+.
+
+.gpg.keygen.userid.cmd
+N изменить имÑ.
+C изменить комментарий.
+E изменить email адреÑ.
+O продолжить Ñоздание ключа.
+Q выйти и прервать Ñоздание ключа.
+.
+
+.gpg.keygen.sub.okay
+Ответьте "yes" (или только "y"), еÑли готовы Ñоздавать подключ.
+.
+
+.gpg.sign_uid.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.sign_uid.class
+Перед подпиÑыванием User ID ключа, Ñледует прежде удоÑтоверитьÑÑ, что
+ключ дейÑтвительно принадлежит человеку указанному в User ID. Это очень важно
+Ð´Ð»Ñ Ñ‚ÐµÑ…, кто учитывает как хорошо Ð’Ñ‹ проверÑете доÑтоверноÑÑ‚ÑŒ User ID.
+
+"0" означает, что Ð’Ñ‹ не можете Ñказать, как хорошо Ð’Ñ‹ проверили ключ.
+"1" означает, что Вы полагаете, что ключ принадлежит человеку, который
+ указан в нем, но Ð’Ñ‹ не могли или не проводили проверку ключа ÑовÑем.
+ Это полезно, когда Ð’Ñ‹ подпиÑываете ключ Ñ Ð¿Ñевдонимом человека.
+
+"2" означает, что Ð’Ñ‹ делали неаккуратную проверку ключа. Ðапример, Ñто может
+ означать, что Вы проверили отпечаток ключа и проверили User ID на
+ ключе на оÑновании фото ID.
+
+"3" означает, что Ð’Ñ‹ выполнили вÑеÑтороннюю проверку ключа. Ðапример, Ñто может
+ означать, что Ð’Ñ‹ Ñверили отпечаток ключа Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†ÐµÐ¼ ключа лично
+ и что Ð’Ñ‹ Ñверили вÑÑ‘ поÑредÑтвом трудноподделываемого документа Ñ
+ фотографией (таким как паÑпорт), что Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° ключа Ñовпадает Ñ
+ именем в User ID ключа и наконец, что Вы проверили (обменом шифрованными
+ пиÑьмами), что email Ð°Ð´Ñ€ÐµÑ Ð½Ð° ключе принадлежит владельцу ключа.
+
+Учтите, что примеры данные Ð´Ð»Ñ ÑƒÑ€Ð¾Ð²Ð½ÐµÐ¹ 2 и 3 - только примеры.
+Ð’ конечном итоге, Вам решать, как клаÑÑифицировать "неаккуратно" и "вÑеÑторонне",
+при подпиÑывании чужих ключей.
+
+ЕÑли Ð’Ñ‹ не можете определитьÑÑ Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ñ‹Ð¼ ответом, ответьте "0".
+.
+
+.gpg.change_passwd.empty.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keyedit.save.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keyedit.cancel.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keyedit.sign_all.okay
+Ответьте "yes", еÑли хотите подпиÑать ВСЕ User ID
+.
+
+.gpg.keyedit.remove.uid.okay
+Ответьте "yes", еÑли дейÑтвительно хотите удалить данный User ID.
+Ð’Ñе Ñертификаты также будут потерÑны!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Ответьте "yes", еÑли готовы удалить подключ
+.
+
+.gpg.keyedit.delsig.valid
+Это дейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ на ключе; обычно не желательно
+удалÑÑ‚ÑŒ такие подпиÑи, потому, что она может быть важна Ð´Ð»Ñ ÑƒÑтановлениÑ
+доÑтоверноÑти ключа или других ключей подпиÑанных данным ключом.
+.
+
+.gpg.keyedit.delsig.unknown
+Ð”Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ не может быть проверена потому, что Ð’Ñ‹ не имеете
+ÑоответÑтвующего ключа. Можете отложить ее удаление, пока не
+узнаете, какой ключ был иÑпользован, Ñ‚.к. Ñта подпиÑÑŒ может
+уÑтанавливать доÑтоверноÑÑ‚ÑŒ через другие уже удоÑтоверенные ключи.
+.
+
+.gpg.keyedit.delsig.invalid
+ПодпиÑÑŒ недейÑтвительна. Это дает оÑÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ ее из
+ÑвÑзки ключей.
+.
+
+.gpg.keyedit.delsig.selfsig
+Ð”Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ ÑвлÑетÑÑ ÑамоподпиÑью и привÑзывает User ID к ключу.
+Обычно Ñто Ð¿Ð»Ð¾Ñ…Ð°Ñ Ð¸Ð´ÐµÑ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ такую подпиÑÑŒ. Ðа Ñамом деле
+GnuPG может не позволить иÑпользовать такой ключ далее.
+Делайте Ñто только еÑли Ð´Ð°Ð½Ð½Ð°Ñ ÑамоподпиÑÑŒ не дейÑтвительна по
+каким-либо причинам и ÑущеÑтвует доÑÑ‚ÑƒÐ¿Ð½Ð°Ñ Ð²Ñ‚Ð¾Ñ€Ð°Ñ.
+.
+
+.gpg.keyedit.updpref.okay
+Изменение предпочтений Ð´Ð»Ñ Ð²Ñех User ID (или только Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ…)
+на текущий ÑпиÑок предпочтений. Отметка времени на вÑех затронутых
+ÑамоподпиÑÑÑ… будет увеличена на одну Ñекунду.
+
+.
+
+.gpg.passphrase.enter
+Введите фразу-пароль (Ñто ÑÐµÐºÑ€ÐµÑ‚Ð½Ð°Ñ Ñтрока)
+
+.
+
+.gpg.passphrase.repeat
+Повторите фразу-пароль, чтобы убедитьÑÑ Ð² том, что она набрана правильно.
+.
+
+.gpg.detached_signature.filename
+Введите Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°, к которому отноÑитÑÑ Ð´Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ
+.
+
+.gpg.openfile.overwrite.okay
+Ответьте "yes", еÑли хотите перезапиÑать файл
+.
+
+.gpg.openfile.askoutname
+Введите новое Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°. ЕÑли нажмете только RETURN будет иÑпользован
+по умолчанию тот файл, который показан в квадратных Ñкобках.
+.
+
+.gpg.ask_revocation_reason.code
+Ð¡ÐµÐ¹Ñ‡Ð°Ñ Ñможете указать причину отзыва ключа. ОÑновываÑÑÑŒ на
+контекÑте отзыва - можете выбрать один из Ñледующих вариантов:
+ "Ключ был Ñкомпрометирован"
+ Выберите, еÑли предполагаете, что поÑторонний человек
+ получил доÑтуп к Вашему Ñекретному ключу.
+ "Ключ заменен другим"
+ Выберите, еÑли заменÑете данный ключ на другой.
+ "Ключ больше не иÑпользуетÑÑ"
+ Выберите, еÑли отказываетеÑÑŒ от иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ ключа.
+ "User ID больше не дейÑтвителен"
+ Выберите, еÑли больше не ÑобираетеÑÑŒ иÑпользовать данный User ID.
+ Обычно иÑпользуетÑÑ, Ð´Ð»Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð¸Ñ, что данный e-mail больше
+ не иÑпользуетÑÑ
+
+.
+
+.gpg.ask_revocation_reason.text
+При необходимоÑти здеÑÑŒ можно прокомментировать причины
+ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñертификата отзыва. Будьте кратки.
+Ð”Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ Ð²Ð²ÐµÐ´Ð¸Ñ‚Ðµ пуÑтую Ñтроку.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.sk.txt b/doc/help.sk.txt
new file mode 100644
index 0000000..a0fa4aa
--- /dev/null
+++ b/doc/help.sk.txt
@@ -0,0 +1,254 @@
+# help.sk.txt - sk GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Je na Vás, aby ste sem priradili hodnotu; táto hodnota nebude nikdy
+exportovaná tretej strane. Potrebujeme ju k implementácii "pavuÄiny
+dôvery"; nemá to niÄ spoloÄné s (implicitne vytvorenou) "pavuÄinou
+certifikátov".
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Aby bolo možné vybudovaÅ¥ pavuÄinu dôvery, musí GnuPG vedieÅ¥, ktorým kľúÄom
+dôverujete absolútne - obyÄajne sú to tie kľúÄe, pre ktoré máte prístup
+k tajným kľúÄom. Odpovedzte "ano", aby ste nastavili tieto kľúÄe
+ako absolútne dôveryhodné
+
+.
+
+.gpg.untrusted_key.override
+Pokiaľ aj tak chcete použiÅ¥ tento nedôveryhodný kľúÄ, odpovedzte "ano".
+.
+
+.gpg.pklist.user_id.enter
+Vložte identifikátor adresáta, ktorému chcete poslať správu.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+VÅ¡ebecne nemožno odporúÄaÅ¥ používaÅ¥ rovnaký kÄ¾ÃºÄ na Å¡ifrovanie a podeisovanie
+Tento algoritmus je vhodné použiÅ¥ len za urÄitých podmienok.
+Kontaktujte prosím najprv bezpeÄnostného Å¡pecialistu.
+.
+
+.gpg.keygen.size
+Vložte dĺžku kľúÄa
+.
+
+.gpg.keygen.size.huge.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keygen.size.large.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keygen.valid
+Vložte požadovanú hodnotu tak, ako je uvedené v príkazovom riadku.
+Je možné vložiť dátum vo formáte ISO (RRRR-MM-DD), ale nedostanete
+správnu chybovú hlášku - miesto toho systém skúsi interpretovať
+zadanú hodnotu ako interval.
+.
+
+.gpg.keygen.valid.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keygen.name
+Vložte meno držiteľa kľúÄa
+.
+
+.gpg.keygen.email
+prosím, vložte e-mailovú adresu (nepovinné, ale veľmi odporúÄané)
+.
+
+.gpg.keygen.comment
+Prosím, vložte nepovinný komentár
+.
+
+.gpg.keygen.userid.cmd
+N pre zmenu názvu.
+C pre zmenu komentára.
+E pre zmenu e-mailovej adresy.
+O pre pokraÄovanie generovania kľúÄa.
+Q pre ukonÄenie generovania kľúÄa.
+.
+
+.gpg.keygen.sub.okay
+Ak chcete generovaÅ¥ podkľúÄ, odpovedzte "ano" (alebo len "a").
+.
+
+.gpg.sign_uid.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.sign_uid.class
+Skôr ako podpíšete id užívateľa, mali by ste najprv overiÅ¥, Äi kľúÄ
+patrí osobe, ktorej meno je uvedené v identifikátore užívateľa.
+Je veľmi užitoÄné, keÄ ostatní vedia, ako dôsledne ste previedli
+takéto overenie.
+
+"0" znamená, že neuvádzate, ako dôsledne ste pravosÅ¥ kľúÄa overili
+
+"1" znamená, že veríte tomu, že kÄ¾ÃºÄ patrí osobe, ktorá je uvedená,
+ v užívateľskom ID, ale nemohli ste alebo jste nepreverili túto skutoÄnosÅ¥.
+ To je užitoÄné pre "osobnú" verifikáciu, keÄ podpisujete kľúÄe, ktoré
+ používajú pseudonym užívateľa.
+
+"2" znamená, že ste ÄiastoÄne overili pravosÅ¥ kľúÄa. Napr. ste overili
+ fingerprint kľúÄa a skontrolovali identifikátor užívateľa
+ uvedený na kľúÄi s fotografickým id.
+
+"3" Znamená, že ste vykonali veľmi dôkladné overenie pravosti kľúÄa.
+ To môže napríklad znamenaÅ¥, že ste overili fingerprint kľúÄa
+ jeho vlastníka osobne a Äalej ste pomocou tažko falÅ¡ovateľného
+ dokumentu s fotografiou (napríklad pasu) overili, že meno majiteľa
+ kľúÄa sa zhoduje s menom uvedeným v užívateľskom ID a Äalej ste
+ overili (výmenou elektronických dopisov), že elektronická adresa uvedená
+ v ID užívateľa patrí majiteľovi kľúÄa.
+
+Prosím nezabúdajte, že príklady uvedené pre úroveň 2 a 3 sú *len*
+príklady.
+Je len na VaÅ¡om rozhodnutí, Äo "ÄiastoÄné" a "dôkladné" overenie znamená
+keÄ budete podpisovaÅ¥ kľúÄe iným užívateľom.
+
+Pokiaľ neviete, aká je správna odpoveÄ, odpovedzte "0".
+.
+
+.gpg.change_passwd.empty.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keyedit.save.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keyedit.cancel.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Pokiaľ skutoÄne chcete zmazaÅ¥ tento identifikátor užívateľa, odpovedzte "ano".
+Všetky certifikáty budú tiež stratené!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Odpovedzte "ano", pokiaľ chcete zmazaÅ¥ podkľúÄ
+.
+
+.gpg.keyedit.delsig.valid
+Toto je platný podpis kľúÄa; normálne nechcete tento podpis zmazaÅ¥,
+pretože môže byÅ¥ dôležitý pri vytváraní dôvery kľúÄa alebo iného kľúÄa
+ceritifikovaného týmto kľúÄom.
+.
+
+.gpg.keyedit.delsig.unknown
+Tento podpis nemôže byÅ¥ overený, pretože nemáte zodpovedajúci verejný kľúÄ.
+Jeho zmazanie by ste mali odložiÅ¥ do Äasu, keÄ budete vedieÅ¥, ktorý kľúÄ
+bol použitý, pretože tento podpisovací kÄ¾ÃºÄ môže vytvoriÅ¥ dôveru
+prostredníctvom iného už certifikovaného kľúÄa.
+.
+
+.gpg.keyedit.delsig.invalid
+Podpis je neplatný. Je rozumné ho odstrániÅ¥ z Vášho súboru kľúÄov.
+.
+
+.gpg.keyedit.delsig.selfsig
+Toto je podpis, ktorý viaže identifikátor užívateľa ku kľúÄu. ZvyÄajne
+nie je dobré takýto podpis odstrániÅ¥. GnuPG nemôže tento kÄ¾ÃºÄ naÄalej
+používaÅ¥. Urobte to len v prípade, keÄ je tento podpis kľúÄa
+ním samým z nejakého dôvodu neplatný a keÄ je k dispozícii iný kľúÄ.
+.
+
+.gpg.keyedit.updpref.okay
+ZmeniÅ¥ predvoľby pre vÅ¡etky užívateľské ID (alebo len pre oznaÄené)
+na aktuálny zoznam predvolieb. Časové razítka všetkých dotknutých podpisov
+kľúÄov nimi samotnými budú posunuté o jednu sekundu dopredu.
+
+.
+
+.gpg.passphrase.enter
+Prosím, vložte heslo; toto je tajná veta
+
+.
+
+.gpg.passphrase.repeat
+Prosím, zopakujte posledné heslo, aby ste si boli istý, Äo ste napísali.
+.
+
+.gpg.detached_signature.filename
+Zadajte názov súboru, ku ktorému sa podpis vzťahuje
+.
+
+.gpg.openfile.overwrite.okay
+Ak si prajete prepísanie súboru, odpovedzte "ano"
+.
+
+.gpg.openfile.askoutname
+Prosím, vložte nový názov súboru. Ak len stlaÄíte RETURN, bude
+použitý implicitný súbor (ktorý je zobrazený v zátvorkách).
+.
+
+.gpg.ask_revocation_reason.code
+Mali by ste špecifikovať dôvod certifikácie. V závislosti na kontexte
+máte možnosť si vybrať zo zoznamu:
+ "kÄ¾ÃºÄ bol kompromitovaný"
+ Toto použite, pokiaľ si myslíte, že k Vášmu tajnému kľúÄu získali
+ prístup neoprávnené osoby.
+ "kÄ¾ÃºÄ je nahradený"
+ Toto použite, pokiaľ ste tento kÄ¾ÃºÄ nahradili novším kľúÄom.
+ "kÄ¾ÃºÄ sa už nepoužíva"
+ Toto použite, pokiaľ tento kÄ¾ÃºÄ už nepoužívate.
+ "Identifikátor užívateľa už nie je platný"
+ Toto použite, pokiaľ by sa identifikátor užívateľa už nemal používať;
+ normálne sa používa na oznaÄenie neplatnej e-mailové adresy.
+
+.
+
+.gpg.ask_revocation_reason.text
+Ak chcete, môžete vložiÅ¥ text popisujúcí pôvod vzniku tohto revokaÄného
+ceritifikátu. Prosím, struÄne.
+Text konÄí prázdnym riadkom.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.sv.txt b/doc/help.sv.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.sv.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.tr.txt b/doc/help.tr.txt
new file mode 100644
index 0000000..15bdf8e
--- /dev/null
+++ b/doc/help.tr.txt
@@ -0,0 +1,242 @@
+# help.tr.txt - tr GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Bir değeri buraya işaretlemek size kalmış; bu değer herhangi bir 3. şahsa
+gönderilmeyecek. Bir güvence ağı sağlamak için bizim buna ihtiyacımız var;
+bunun (açıkça belirtilmeden oluşturulmuş) sertifikalar ağıyla
+hiçbir alakası yok.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Web-of-Trust oluşturulabilmesi için GnuPG'ye hangi anahtarların son derece
+güvenli (bunlar gizli anahtarlarına erişiminiz olan anahtarlardır) olduğunun
+bildirilmesi gerekir. "evet" yanıtı bu anahtarın son derece güvenli
+olduğunun belirtilmesi için yeterlidir.
+
+.
+
+.gpg.untrusted_key.override
+Bu güvencesiz anahtarı yine de kullanmak istiyorsanız cevap olarak
+ "evet" yazın.
+.
+
+.gpg.pklist.user_id.enter
+Bu iletiyi göndereceğiniz adresin kullanıcı kimliğini giriniz.
+.
+
+.gpg.keygen.algo
+Kullanılacak algoritmayı seçiniz.
+
+DSA (nam-ı diğer DSS) Sayısal İmza Algortimasıdır ve
+sadece imzalar için kullanılabilir.
+
+Elgamal sadece şifreleme amacıyla kullanılabilen bir algoritmadır.
+
+RSA hem imzalamak hem de şifrelemek amacıyla kullanılabilir.
+
+İlk (asıl) anahtar daima imzalama yeteneğine sahip bir anahtar olmalıdır.
+.
+
+.gpg.keygen.algo.rsa_se
+Genelde imzalama ve şifreleme için aynı anahtarı kullanmak iyi bir fikir
+değildir. Bu algoritma sadece belli alanlarda kullanılabilir.
+Lütfen güvenlik uzmanınıza danışın.
+.
+
+.gpg.keygen.size
+Anahtar uzunluÄŸunu giriniz
+.
+
+.gpg.keygen.size.huge.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keygen.size.large.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keygen.valid
+İstenen değeri girin. ISO tarihi (YYYY-AA-GG) girmeniz mümkündür fakat
+iyi bir hata cevabı alamazsınız -- onun yerine sistem verilen değeri
+bir zaman aralığı olarak çözümlemeyi dener.
+.
+
+.gpg.keygen.valid.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keygen.name
+Anahtar tutucunun ismini giriniz
+.
+
+.gpg.keygen.email
+lütfen bir E-posta adresi girin (isteğe bağlı ancak kuvvetle tavsiye edilir)
+.
+
+.gpg.keygen.comment
+Lütfen önbilgi girin (isteğe bağlı)
+.
+
+.gpg.keygen.userid.cmd
+S iSim değiştirmek için.
+B önBilgiyi değiştirmek için.
+P e-Posta adresini değiştirmek için.
+D anahtar üretimine Devam etmek için.
+K anahtar üretiminden çıKmak için.
+.
+
+.gpg.keygen.sub.okay
+Yardımcı anahtarı üretmek istiyorsanız "evet" ya da "e" girin.
+.
+
+.gpg.sign_uid.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.sign_uid.class
+Bir anahtarı bir kullanıcı kimlikle imzalamadan önce kullanıcı kimliğin
+içindeki ismin, anahtarın sahibine ait olup olmadığını kontrol etmelisiniz.
+
+"0" bu kontrolu yapmadığınız ve yapmayı da bilmediğiniz anlamındadır.
+"1" anahtar size sahibi tarafından gönderildi ama siz bu anahtarı başka
+ kaynaklardan doğrulamadınız anlamındadır. Bu kişisel doğrulama için
+ yeterlidir. En azında yarı anonim bir anahtar imzalaması yapmış
+ olursunuz.
+"2" ayrıntılı bir inceleme yapıldığı anlamındadır. Örneğin parmakizi ve
+ bir anahtarın foto kimliğiyle kullanıcı kimliğini karşılaştırmak
+ gibi denetimleri yapmışsınızdır.
+"3" inceden inceye bir doğrulama anlatır. Örneğin, şahıstaki anahtarın
+ sahibi ile anahtar parmak izini karşılaştırmışsınızdır ve anahtardaki
+ kullanıcı kimlikte belirtilen isme ait bir basılı kimlik belgesindeki
+ bir fotoğrafla şahsı karşılaştırmışsınızdır ve son olarak anahtar
+ sahibinin e-posta adresini kendisinin kullanmakta olduÄŸunu da
+ denetlemiÅŸsinizdir.
+Burada 2 ve 3 için verilen örnekler *sadece* örnektir.
+Eninde sonunda bir anahtarı imzalarken "ayrıntılı" ve "inceden inceye" kontroller arasındaki ayrıma siz karar vereceksiniz.
+Bu kararı verebilecek durumda değilseniz "0" cevabını verin.
+.
+
+.gpg.change_passwd.empty.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keyedit.save.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keyedit.cancel.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keyedit.sign_all.okay
+Kullanıcı kimliklerinin TÜMünü imzalamak istiyorsanız "evet" ya da "yes" yazın
+.
+
+.gpg.keyedit.remove.uid.okay
+Bu kullanıcı kimliğini gerçekten silmek istiyorsanız "evet" girin.
+Böylece bütün sertifikaları kaybedeceksiniz!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Bu yardımcı anahtarı silme izni vermek istiyorsanız "evet" girin
+.
+
+.gpg.keyedit.delsig.valid
+Bu, anahtar üzerinde geçerli bir imzadır; anahtara ya da bu anahtarla
+sertifikalanmış bir diğer anahtara bir güvence bağlantısı sağlamakta
+önemli olabileceğinden normalde bu imzayı silmek istemezsiniz.
+.
+
+.gpg.keyedit.delsig.unknown
+Bu imza, anahtarına sahip olmadığınızdan, kontrol edilemez. Bu imzanın
+silinmesini hangi anahtarın kullanıldığını bilene kadar
+ertelemelisiniz çünkü bu imzalama anahtarı başka bir sertifikalı
+anahtar vasıtası ile bir güvence bağlantısı sağlayabilir.
+.
+
+.gpg.keyedit.delsig.invalid
+İmza geçersiz. Anahtarlıktan kaldırmak uygun olacak.
+.
+
+.gpg.keyedit.delsig.selfsig
+Bu imza kullanıcı kimliğini anahtara bağlar. Öz-imzayı silmek hiç iyi
+bir fikir değil. GnuPG bu anahtarı bir daha hiç kullanamayabilir.
+Bunu sadece, eğer bu öz-imza bazı durumlarda geçerli değilse ya da
+kullanılabilir bir ikincisi var ise yapın.
+.
+
+.gpg.keyedit.updpref.okay
+Tüm kullanıcı kimlik tercihlerini (ya da seçilen birini) mevcut tercihler
+listesine çevirir. Tüm etkilenen öz-imzaların zaman damgaları bir sonraki
+tarafından öne alınacaktır.
+
+.
+
+.gpg.passphrase.enter
+Lütfen bir anahtar parolası giriniz; yazdıklarınız görünmeyecek
+
+.
+
+.gpg.passphrase.repeat
+Lütfen son parolayı tekrarlayarak ne yazdığınızdan emin olun.
+.
+
+.gpg.detached_signature.filename
+İmzanın uygulanacağı dosyanın ismini verin
+.
+
+.gpg.openfile.overwrite.okay
+Dosyanın üzerine yazılacaksa lütfen "evet" yazın
+.
+
+.gpg.openfile.askoutname
+Lütfen yeni dosya ismini girin. Dosya ismini yazmadan RETURN tuşlarsanız
+parantez içinde gösterilen öntanımlı dosya kullanılacak.
+.
+
+.gpg.ask_revocation_reason.code
+Sertifikalama için bir sebep belirtmelisiniz. İçeriğine bağlı olarak
+bu listeden seçebilirsiniz:
+ "Anahtar tehlikede"
+ Yetkisiz kişilerin gizli anahtarınıza erişebildiğine inanıyorsanız
+ bunu seçin.
+ "Anahtar geçici"
+ Mevcut anahtarı daha yeni bir anahtar ile değiştirmişseniz bunu seçin.
+ "Anahtar artık kullanılmayacak"
+ Anahtarı emekliye ayıracaksanız bunu seçin.
+ "Kullanıcı kimliği artık geçersiz"
+ Kullanıcı kimliği artık kullanılamayacak durumdaysa bunu
+ seçin; genelde Eposta adresi geçersiz olduğunda kullanılır.
+
+.
+
+.gpg.ask_revocation_reason.text
+İsterseniz, neden bu yürürlükten kaldırma sertifikasını
+verdiğinizi açıklayan bir metin girebilirsiniz.
+Lütfen bu metin kısa olsun. Bir boş satır metni bitirir.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.txt b/doc/help.txt
new file mode 100644
index 0000000..36b993d
--- /dev/null
+++ b/doc/help.txt
@@ -0,0 +1,372 @@
+# help.txt - English GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+# Note that this help file needs to be UTF-8 encoded. When looking
+# for a help item, GnuPG scans the help files in the following order
+# (assuming a GNU or Unix system):
+#
+# /etc/gnupg/help.LL_TT.txt
+# /etc/gnupg/help.LL.txt
+# /etc/gnupg/help.txt
+# /usr/share/gnupg/help.LL_TT.txt
+# /usr/share/gnupg/help.LL.txt
+# /usr/share/gnupg/help.txt
+#
+# Here LL_TT denotes the full name of the current locale with the
+# territory (.e.g. "de_DE"), LL denotes just the locale name
+# (e.g. "de"). The first matching item is returned. To put a dot or
+# a hash mark at the beginning of a help text line, it needs to be
+# prefixed with ". ". A single dot may be used to terminated ahelp
+# entry.
+
+.#pinentry.qualitybar.tooltip
+# [remove the hash mark from the key to enable this text]
+# This entry is just an example on how to customize the tooltip shown
+# when hovering over the quality bar of the pinentry. We don't
+# install this text so that the hardcoded translation takes
+# precedence. An administrator should write up a short help to tell
+# the users about the configured passphrase constraints and save that
+# to /etc/gnupg/help.txt. The help text should not be longer than
+# about 800 characters.
+This bar indicates the quality of the passphrase entered above.
+
+As long as the bar is shown in red, GnuPG considers the passphrase too
+weak to accept. Please ask your administrator for details about the
+configured passphrase constraints.
+.
+
+
+.gnupg.agent-problem
+# There was a problem accessing or starting the agent.
+It was either not possible to connect to a running Gpg-Agent or a
+communication problem with a running agent occurred.
+
+The system uses a background process, called Gpg-Agent, for processing
+private keys and to ask for passphrases. The agent is usually started
+when the user logs in and runs as long the user is logged in. In case
+that no agent is available, the system tries to start one on the fly
+but that version of the agent is somewhat limited in functionality and
+thus may lead to little problems.
+
+You probably need to ask your administrator on how to solve the
+problem. As a workaround you might try to log out and in to your
+session and see whether this helps. If this helps please tell the
+administrator anyway because this indicates a bug in the software.
+.
+
+
+.gnupg.dirmngr-problem
+# There was a problen accessing the dirmngr.
+It was either not possible to connect to a running Dirmngr or a
+communication problem with a running Dirmngr occurred.
+
+To lookup certificate revocation lists (CRLs), performing OCSP
+validation and to lookup keys through LDAP servers, the system uses an
+external service program named Dirmngr. The Dirmngr is usually running
+as a system service (daemon) and does not need any attention by the
+user. In case of problems the system might start its own copy of the
+Dirmngr on a per request base; this is a workaround and yields limited
+performance.
+
+If you encounter this problem, you should ask your system
+administrator how to proceed. As an interim solution you may try to
+disable CRL checking in gpgsm's configuration.
+.
+
+
+.gpg.edit_ownertrust.value
+# The help identies prefixed with "gpg." used to be hard coded in gpg
+# but may now be overridden by help texts from this file.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted.
+
+
+.gpg.untrusted_key.override
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.gpg.pklist.user_id.enter
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.gpg.keygen.algo
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+
+.gpg.keygen.algo.rsa_se
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+
+.gpg.keygen.size
+Enter the size of the key.
+
+The suggested default is usually a good choice.
+
+If you want to use a large key size, for example 4096 bit, please
+think again whether it really makes sense for you. You may want
+to view the web page http://www.xkcd.com/538/ .
+.
+
+.gpg.keygen.size.huge.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.size.large.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.valid
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.gpg.keygen.valid.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.name
+Enter the name of the key holder.
+The characters "<" and ">" are not allowed.
+Example: Heinrich Heine
+.
+
+
+.gpg.keygen.email
+Please enter an optional but highly suggested email address.
+Example: heinrichh@duesseldorf.de
+.
+
+.gpg.keygen.comment
+Please enter an optional comment.
+The characters "(" and ")" are not allowed.
+In general there is no need for a comment.
+.
+
+
+.gpg.keygen.userid.cmd
+# (Keep a leading empty line)
+
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.gpg.keygen.sub.okay
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.gpg.sign_uid.okay
+Answer "yes" or "no".
+.
+
+.gpg.sign_uid.class
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.gpg.change_passwd.empty.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keyedit.save.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keyedit.cancel.okay
+Answer "yes" or "no".
+.
+
+.gpg.keyedit.sign_all.okay
+Answer "yes" if you want to sign ALL the user IDs.
+.
+
+.gpg.keyedit.remove.uid.okay
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Answer "yes" if it is okay to delete the subkey.
+.
+
+
+.gpg.keyedit.delsig.valid
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.gpg.keyedit.delsig.unknown
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.gpg.keyedit.delsig.invalid
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.gpg.keyedit.delsig.selfsig
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.gpg.keyedit.updpref.okay
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+.
+
+
+.gpg.passphrase.enter
+# (keep a leading empty line)
+
+Please enter the passhrase; this is a secret sentence.
+.
+
+
+.gpg.passphrase.repeat
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.gpg.detached_signature.filename
+Give the name of the file to which the signature applies.
+.
+
+.gpg.openfile.overwrite.okay
+# openfile.c (overwrite_filep)
+Answer "yes" if it is okay to overwrite the file.
+.
+
+.gpg.openfile.askoutname
+# openfile.c (ask_outfile_name)
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.gpg.ask_revocation_reason.code
+# revoke.c (ask_revocation_reason)
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+.
+
+.gpg.ask_revocation_reason.text
+# revoke.c (ask_revocation_reason)
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+.
+
+
+
+
+.gpgsm.root-cert-not-trusted
+# This text gets displayed by the audit log if
+# a root certificates was not trusted.
+The root certificate (the trust-anchor) is not trusted. Depending on
+the configuration you may have been prompted to mark that root
+certificate as trusted or you need to manually tell GnuPG to trust that
+certificate. Trusted certificates are configured in the file
+trustlist.txt in GnuPG's home directory. If you are in doubt, ask
+your system administrator whether you should trust this certificate.
+
+
+.gpgsm.crl-problem
+# This tex is displayed by the audit log for problems with
+# the CRL or OCSP checking.
+Depending on your configuration a problem retrieving the CRL or
+performing an OCSP check occurred. There are a great variety of
+reasons why this did not work. Check the manual for possible
+solutions.
+
+
+# Local variables:
+# mode: default-generic
+# coding: utf-8
+# End:
diff --git a/doc/help.zh_CN.txt b/doc/help.zh_CN.txt
new file mode 100644
index 0000000..e000fa0
--- /dev/null
+++ b/doc/help.zh_CN.txt
@@ -0,0 +1,233 @@
+# help.zh_CN.txt - zh_CN GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+在这里指定的数值完全由您自己决定;这些数值永远ä¸ä¼šè¢«è¾“出给任何第三方。
+我们需è¦å®ƒæ¥å®žçŽ°â€œä¿¡ä»»ç½‘络â€ï¼›è¿™è·Ÿéšå«å»ºç«‹èµ·æ¥çš„“验è¯ç½‘络â€æ— å…³ã€‚
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+è¦å»ºç«‹èµ·ä¿¡ä»»ç½‘络,GnuPG 需è¦çŸ¥é“哪些密钥是å¯ç»å¯¹ä¿¡ä»»çš„――通常
+就是您拥有ç§é’¥çš„那些密钥。回答“yesâ€å°†æ­¤å¯†é’¥è®¾æˆå¯ç»å¯¹ä¿¡ä»»çš„
+
+.
+
+.gpg.untrusted_key.override
+如果您无论如何è¦ä½¿ç”¨è¿™æŠŠæœªè¢«ä¿¡ä»»çš„密钥,请回答“yesâ€ã€‚
+.
+
+.gpg.pklist.user_id.enter
+输入您è¦é€’é€çš„报文的接收者的用户标识。
+.
+
+.gpg.keygen.algo
+选择使用的算法。
+
+DSA (ä¹Ÿå« DSS)å³â€œæ•°å­—ç­¾å算法â€(美国国家标准),åªèƒ½å¤Ÿç”¨ä½œç­¾å。
+
+Elgamal 是一ç§åªèƒ½ç”¨ä½œåŠ å¯†çš„算法。
+
+RSA å¯ä»¥ç”¨ä½œç­¾å或加密。
+
+第一把密钥(主钥)必须具有签å的能力。
+.
+
+.gpg.keygen.algo.rsa_se
+通常æ¥è¯´ç”¨åŒä¸€æŠŠå¯†é’¥ç­¾ååŠåŠ å¯†å¹¶ä¸æ˜¯ä¸ªå¥½ä¸»æ„。这个算法åªåœ¨ç‰¹å®šçš„情况
+下使用。请先咨询安全方é¢çš„专家。
+.
+
+.gpg.keygen.size
+请输入密钥的尺寸
+.
+
+.gpg.keygen.size.huge.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keygen.size.large.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keygen.valid
+请输入æ示所è¦æ±‚的数值。
+您å¯ä»¥è¾“å…¥ ISO 日期格å¼(YYYY-MM-DD),但是出错时您ä¸ä¼šå¾—到å‹å¥½çš„å“应
+――系统会å°è¯•å°†ç»™å®šå€¼è§£é‡Šä¸ºæ—¶é—´é—´éš”。
+.
+
+.gpg.keygen.valid.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keygen.name
+请输入密钥æŒæœ‰äººçš„åå­—
+.
+
+.gpg.keygen.email
+请输入电å­é‚®ä»¶åœ°å€(å¯é€‰é¡¹ï¼Œä½†å¼ºçƒˆæŽ¨è使用)
+.
+
+.gpg.keygen.comment
+请输入注释(å¯é€‰é¡¹)
+.
+
+.gpg.keygen.userid.cmd
+N 修改姓å。
+C 修改注释。
+E 修改电å­é‚®ä»¶åœ°å€ã€‚
+O 继续产生密钥。
+Q 中止产生密钥。
+.
+
+.gpg.keygen.sub.okay
+如果您å…许生æˆå­é’¥ï¼Œè¯·å›žç­”“yesâ€(或者“yâ€)。
+.
+
+.gpg.sign_uid.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.sign_uid.class
+当您为æŸæŠŠå¯†é’¥ä¸ŠæŸä¸ªç”¨æˆ·æ ‡è¯†æ·»åŠ ç­¾å时,您必须首先验è¯è¿™æŠŠå¯†é’¥ç¡®å®žå±žäºŽ
+ç½²å于它的用户标识上的那个人。了解到您曾多么谨慎地对此进行过验è¯ï¼Œå¯¹å…¶
+他人是éžå¸¸æœ‰ç”¨çš„
+
+“0†表示您对您有多么仔细地验è¯è¿™æŠŠå¯†é’¥çš„问题ä¸è¡¨æ€ã€‚
+
+“1†表示您相信这把密钥属于那个声明是主人的人,但是您ä¸èƒ½æˆ–根本没有验
+ è¯è¿‡ã€‚如果您为一把属于类似虚拟人物的密钥签å,这个选择很有用。
+
+“2†表示您éšæ„地验è¯äº†é‚£æŠŠå¯†é’¥ã€‚例如,您验è¯äº†è¿™æŠŠå¯†é’¥çš„指纹,或比对
+ 照片验è¯äº†ç”¨æˆ·æ ‡è¯†ã€‚
+
+“3†表示您åšäº†å¤§é‡è€Œè¯¦å°½çš„验è¯å¯†é’¥å·¥ä½œã€‚例如,您åŒå¯†é’¥æŒæœ‰äººéªŒè¯äº†å¯†
+ 钥指纹,而且通过查验附带照片而难以伪造的è¯ä»¶(如护照)确认了密钥æŒ
+ 有人的姓å与密钥上的用户标识一致,最åŽæ‚¨è¿˜(通过电å­é‚®ä»¶å¾€æ¥)验è¯
+ 了密钥上的电å­é‚®ä»¶åœ°å€ç¡®å®žå±žäºŽå¯†é’¥æŒæœ‰äººã€‚
+
+请注æ„上述关于验è¯çº§åˆ« 2 å’Œ 3 的说明仅是例å­è€Œå·²ã€‚最终还是由您自己决定
+当您为其他密钥签å时,什么是“éšæ„â€ï¼Œè€Œä»€ä¹ˆæ˜¯â€œå¤§é‡è€Œè¯¦å°½â€ã€‚
+
+如果您ä¸çŸ¥é“应该选什么答案的è¯ï¼Œå°±é€‰â€œ0â€ã€‚
+.
+
+.gpg.change_passwd.empty.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keyedit.save.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keyedit.cancel.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keyedit.sign_all.okay
+如果您想è¦ä¸ºæ‰€æœ‰ç”¨æˆ·æ ‡è¯†ç­¾åçš„è¯å°±é€‰â€œyesâ€
+.
+
+.gpg.keyedit.remove.uid.okay
+如果您真的想è¦åˆ é™¤è¿™ä¸ªç”¨æˆ·æ ‡è¯†çš„è¯å°±å›žç­”“yesâ€ã€‚
+所有相关认è¯åœ¨æ­¤ä¹‹åŽä¹Ÿä¼šä¸¢å¤±ï¼
+.
+
+.gpg.keyedit.remove.subkey.okay
+如果å¯ä»¥åˆ é™¤è¿™æŠŠå­é’¥ï¼Œè¯·å›žç­”“yesâ€
+.
+
+.gpg.keyedit.delsig.valid
+这是一份在这把密钥上有效的签å;通常您ä¸ä¼šæƒ³è¦åˆ é™¤è¿™ä»½ç­¾å,
+因为è¦ä¸Žè¿™æŠŠå¯†é’¥æˆ–拥有这把密钥的签å的密钥建立认è¯å…³ç³»å¯èƒ½
+相当é‡è¦ã€‚
+.
+
+.gpg.keyedit.delsig.unknown
+这份签å无法被检验,因为您没有相应的密钥。您应该暂缓删除它,
+直到您知é“此签å使用了哪一把密钥;因为用æ¥ç­¾å的密钥å¯èƒ½ä¸Ž
+其他已ç»éªŒè¯çš„密钥存在信任关系。
+.
+
+.gpg.keyedit.delsig.invalid
+这份签å无效。应当把它从您的钥匙环里删除。
+.
+
+.gpg.keyedit.delsig.selfsig
+这是一份将密钥与用户标识相è”系的签å。通常ä¸åº”删除这样的签å。
+事实上,一旦删除,GnuPGå¯èƒ½ä»Žæ­¤å°±ä¸èƒ½å†ä½¿ç”¨è¿™æŠŠå¯†é’¥äº†ã€‚因此,
+åªæœ‰åœ¨è¿™æŠŠå¯†é’¥çš„第一个自身签åå› æŸäº›åŽŸå› å¤±æ•ˆï¼Œè€Œæœ‰ç¬¬äºŒä¸ªè‡ªèº«ç­¾
+å­—å¯ç”¨çš„情况下æ‰è¿™ä¹ˆåšã€‚
+.
+
+.gpg.keyedit.updpref.okay
+用现有的首选项更新所有(或选定的)用户标识的首选项。所有å—å½±å“的自身签
+字的时间戳都会增加一秒钟。
+
+.
+
+.gpg.passphrase.enter
+请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­
+
+.
+
+.gpg.passphrase.repeat
+请å†æ¬¡è¾“入上次的密ç ï¼Œä»¥ç¡®å®šæ‚¨åˆ°åº•é”®å…¥äº†äº›ä»€ä¹ˆã€‚
+.
+
+.gpg.detached_signature.filename
+请给定è¦æ·»åŠ ç­¾å的文件å
+.
+
+.gpg.openfile.overwrite.okay
+如果å¯ä»¥è¦†ç›–这个文件,请回答“yesâ€
+.
+
+.gpg.openfile.askoutname
+请输入一个新的文件å。如果您直接按下了回车,那么就会使用显示在括
+å·ä¸­çš„默认的文件å。
+.
+
+.gpg.ask_revocation_reason.code
+您应该为这份åŠé”€è¯ä¹¦æŒ‡å®šä¸€ä¸ªåŽŸå› ã€‚æ ¹æ®æƒ…境的ä¸åŒï¼Œæ‚¨å¯ä»¥ä»Žä¸‹åˆ—清å•ä¸­
+选出一项:
+ “密钥已泄æ¼â€
+ 如果您相信有æŸä¸ªæœªç»è®¸å¯çš„人已å–得了您的ç§é’¥ï¼Œè¯·é€‰æ­¤é¡¹ã€‚
+ “密钥已替æ¢â€
+ 如果您已用一把新密钥代替旧的,请选此项。
+ “密钥ä¸å†è¢«ä½¿ç”¨â€
+ 如果您已决定让这把密钥退休,请选此项
+ “用户标识ä¸å†æœ‰æ•ˆâ€
+ 如果这个用户标识ä¸å†è¢«ä½¿ç”¨äº†ï¼Œè¯·é€‰æ­¤é¡¹ï¼›è¿™é€šå¸¸ç”¨è¡¨æ˜ŽæŸä¸ªç”µå­é‚®
+ 件地å€å·²ä¸å†æœ‰æ•ˆã€‚
+
+.
+
+.gpg.ask_revocation_reason.text
+您也å¯ä»¥è¾“入一串文字,æè¿°å‘布这份åŠé”€è¯ä¹¦çš„ç†ç”±ã€‚请尽é‡ä½¿è¿™æ®µæ–‡
+字简明扼è¦ã€‚
+键入一空行以结æŸè¾“入。
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.zh_TW.txt b/doc/help.zh_TW.txt
new file mode 100644
index 0000000..800dad9
--- /dev/null
+++ b/doc/help.zh_TW.txt
@@ -0,0 +1,245 @@
+# help.zh_TW.txt - zh_TW GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+在這裡指派的數值完全是看妳自己決定; 這些數值永é ä¸æœƒè¢«åŒ¯å‡ºçµ¦å…¶ä»–人.
+我們需è¦å®ƒä¾†å¯¦æ–½ä¿¡ä»»ç¶²çµ¡; 這跟 (自動建立起的) 憑證網絡一點關係也沒有.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+è¦å»ºç«‹èµ·ä¿¡ä»»ç¶²çµ¡, GnuPG 需è¦çŸ¥é“哪些金鑰是被徹底信任的 -
+那些金鑰通常就是妳有辦法存å–到ç§é‘°çš„. 回答 "yes" 來將這些
+金鑰設æˆè¢«å¾¹åº•ä¿¡ä»»çš„
+
+.
+
+.gpg.untrusted_key.override
+如果妳無論如何想è¦ä½¿ç”¨é€™æŠŠæœªè¢«ä¿¡ä»»çš„金鑰, 請回答 "yes".
+.
+
+.gpg.pklist.user_id.enter
+輸入妳è¦éžé€çš„訊æ¯æŽ¥æ”¶è€…的使用者 ID.
+.
+
+.gpg.keygen.algo
+è«‹é¸æ“‡è¦ä½¿ç”¨çš„演算法.
+
+DSA (äº¦å³ DSS) 是數ä½ç°½ç« æ¼”算法 (Digital Signature Algorithm),
+祇能用於簽署.
+
+Elgamal 是祇能用於加密的演算法.
+
+RSA å¯ä»¥è¢«ç”¨ä¾†ç°½ç½²åŠåŠ å¯†.
+
+第一把 (主è¦çš„) 金鑰一定è¦å«æœ‰èƒ½ç”¨æ–¼ç°½ç½²çš„金鑰.
+.
+
+.gpg.keygen.algo.rsa_se
+通常來說用åŒä¸€æŠŠé‡‘鑰簽署åŠåŠ å¯†ä¸¦ä¸æ˜¯å€‹å¥½ä¸»æ„.
+這個演算法應該祇被用於特定的情æ³ä¸‹.
+è«‹å…ˆè¯çµ¡å¦³çš„安全專家.
+.
+
+.gpg.keygen.size
+請輸入金鑰的尺寸
+.
+
+.gpg.keygen.size.huge.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keygen.size.large.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keygen.valid
+請輸入æ示裡所è¦æ±‚的數值.
+妳å¯ä»¥è¼¸å…¥ ISO æ—¥æœŸæ ¼å¼ (YYYY-MM-DD), 但是ä¸æœƒå¾—到良好的錯誤回應 -
+å之, 系統會試著把給定的數值中斷æˆè‹¥å¹²ç‰‡æ®µ.
+.
+
+.gpg.keygen.valid.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keygen.name
+請輸入金鑰æŒæœ‰äººçš„åå­—
+.
+
+.gpg.keygen.email
+請輸入é¸ç”¨ (但強烈建議使用) çš„é›»å­éƒµä»¶ä½å€
+.
+
+.gpg.keygen.comment
+請輸入é¸ç”¨çš„註釋
+.
+
+.gpg.keygen.userid.cmd
+N 修改姓å.
+C 修改註釋.
+E 修改電å­éƒµä»¶ä½å€.
+O 繼續產生金鑰.
+Q 中止產生金鑰.
+.
+
+.gpg.keygen.sub.okay
+如果妳覺得產生å­é‘°å¯ä»¥çš„話, 就回答 "yes" (æˆ–è€…ç¥‡è¦ "y").
+.
+
+.gpg.sign_uid.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.sign_uid.class
+當妳在æŸæŠŠé‡‘鑰上簽署æŸå€‹ä½¿ç”¨è€… ID, 妳首先必須先驗證那把
+金鑰確實屬於那個使用者 ID 上å«é‚£å€‹å字的人. 這å°é‚£äº›çŸ¥é“
+妳多å°å¿ƒé©—證的人來說很有用.
+
+"0" 表示妳ä¸èƒ½æ出任何特別的主張來表明
+ 妳多仔細驗證那把金鑰
+
+"1" 表示妳相信這把金鑰屬於那個主張是主人的人,
+ 但是妳ä¸èƒ½æˆ–沒有驗證那把金鑰.
+ 這å°é‚£äº›ç¥‡æƒ³è¦ "個人的" 驗證的人來說很有用,
+ 因為妳簽署了一把擬似匿å使用者的金鑰.
+
+"2" 表示妳真的仔細驗證了那把金鑰.
+ 例如說, 這能表示妳驗證了這把金鑰的指紋和
+ 使用者 ID, 並比å°äº†ç…§ç‰‡ ID.
+
+"3" 表示妳真的åšäº†å¤§è¦æ¨¡çš„驗證金鑰工作.
+ 例如說, 這能表示妳å‘金鑰æŒæœ‰äººé©—證了金鑰指紋,
+ 而且妳é€éŽé™„帶照片而難以å½é€ çš„文件 (åƒæ˜¯è­·ç…§)
+ 確èªäº†é‡‘é‘°æŒæœ‰äººçš„姓å與金鑰上使用者 ID 的一致,
+ 最後妳還 (é€éŽé›»å­éƒµä»¶å¾€ä¾†) 驗證了金鑰上的
+ é›»å­éƒµä»¶ä½å€ç¢ºå¯¦å±¬æ–¼é‡‘é‘°æŒæœ‰äºº.
+
+請注æ„上述關於等級 2 å’Œ 3 çš„ä¾‹å­ "祇是" 例å­è€Œå·².
+最後, 還是得由妳自己決定當妳簽署其他金鑰時,
+甚麼是 "漫ä¸ç¶“心", 而甚麼是 "超級謹慎".
+
+如果妳ä¸çŸ¥é“應該é¸ç”šéº¼ç­”案的話, å°±é¸ "0".
+.
+
+.gpg.change_passwd.empty.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keyedit.save.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keyedit.cancel.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keyedit.sign_all.okay
+如果妳想è¦ç°½ç½² *所有* 使用者 ID 的話就回答 "yes"
+.
+
+.gpg.keyedit.remove.uid.okay
+如果妳真的想è¦åˆªé™¤é€™å€‹ä½¿ç”¨è€… ID 的話就回答 "yes".
+所有的憑證在那之後也都會失去!
+.
+
+.gpg.keyedit.remove.subkey.okay
+如果刪除這把å­é‘°æ²’å•é¡Œçš„話就回答 "yes"
+.
+
+.gpg.keyedit.delsig.valid
+這是一份在這把金鑰上有效的簽章; 通常妳ä¸æœƒæƒ³è¦åˆªé™¤é€™ä»½ç°½ç« ,
+因為è¦è·Ÿåˆ¥çš„金鑰建立起信任連çµ, 或由這把金鑰所簽署的金鑰憑證
+會是一件相當é‡è¦çš„事.
+.
+
+.gpg.keyedit.delsig.unknown
+這份簽章無法被檢驗, 因為妳沒有符åˆçš„金鑰. 妳應該延緩刪除它,
+直到妳知é“哪一把金鑰被使用了; 因為這把來簽署的金鑰å¯èƒ½é€éŽ
+其他已經驗證的金鑰建立了一個信任連çµ.
+.
+
+.gpg.keyedit.delsig.invalid
+這份簽章無效. 把它從妳的鑰匙圈裡移去相當åˆç†.
+.
+
+.gpg.keyedit.delsig.selfsig
+這是一份和這個金鑰使用者 ID 相繫的簽章. 通常
+把這樣的簽章移除ä¸æœƒæ˜¯å€‹å¥½é»žå­. 事實上 GnuPG
+å¯èƒ½å¾žæ­¤å°±ä¸èƒ½å†ä½¿ç”¨é€™æŠŠé‡‘鑰了. 所以祇有在這
+把金鑰的第一個自我簽章因æŸäº›åŽŸå› ç„¡æ•ˆ, 而第二
+個還å¯ç”¨çš„情æ³ä¸‹çº”這麼åš.
+.
+
+.gpg.keyedit.updpref.okay
+變更所有 (或祇有被é¸å–的那幾個) 使用者 ID çš„å好æˆç¾ç”¨çš„å好清單.
+所有å—到影響的自我簽章的時間戳記都會增加一秒é˜.
+
+.
+
+.gpg.passphrase.enter
+請輸入密語; 這是一個秘密的å¥å­
+
+.
+
+.gpg.passphrase.repeat
+è«‹å†æ¬¡è¼¸å…¥æœ€å¾Œçš„密語, 以確定妳到底éµé€²äº†äº›ç”šéº¼.
+.
+
+.gpg.detached_signature.filename
+請給定簽章所è¦å¥—用的檔案å稱
+.
+
+.gpg.openfile.overwrite.okay
+如果覆寫這個檔案沒有å•é¡Œçš„話就回答 "yes"
+.
+
+.gpg.openfile.askoutname
+請輸入一個新的檔å. 如果妳直接按下了 Enter, 那麼
+就會使用é è¨­çš„檔案 (顯示在括號中).
+.
+
+.gpg.ask_revocation_reason.code
+妳應該為這份憑證指定一個原因.
+根據情境的ä¸åŒ, 妳應該å¯ä»¥å¾žé€™å€‹æ¸…單中é¸å‡ºä¸€é …:
+ "金鑰已經被洩æ¼äº†"
+ 如果妳相信有æŸå€‹æœªç¶“許å¯çš„傢伙å–得了妳的ç§é‘°çš„話,
+ å°±é¸é€™å€‹.
+ "金鑰被代æ›äº†"
+ 如果妳把妳的金鑰æ›æˆæ–°çš„了, å°±é¸é€™å€‹.
+ "金鑰ä¸å†è¢«ä½¿ç”¨äº†"
+ 如果妳已經撤回了這把金鑰, å°±é¸é€™å€‹.
+ "使用者 ID ä¸å†æœ‰æ•ˆäº†"
+ 如果這個使用者 ID ä¸å†è¢«ä½¿ç”¨äº†, å°±é¸é€™å€‹;
+ 這通常用來表示æŸå€‹é›»å­éƒµä»¶ä½å€ä¸å†æœ‰æ•ˆäº†.
+
+.
+
+.gpg.ask_revocation_reason.text
+妳也å¯ä»¥è¼¸å…¥ä¸€ä¸²æ–‡å­—來æ述為甚麼發佈這份撤銷憑證的ç†ç”±.
+請讓這段文字ä¿æŒç°¡æ˜Žæ‰¼è¦.
+éµå…¥ç©ºç™½åˆ—以çµæŸé€™æ®µæ–‡å­—.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi
new file mode 100644
index 0000000..ce6dd2f
--- /dev/null
+++ b/doc/howto-create-a-server-cert.texi
@@ -0,0 +1,288 @@
+@node Howto Create a Server Cert
+@section Creating a TLS server certificate
+
+
+Here is a brief run up on how to create a server certificate. It has
+actually been done this way to get a certificate from CAcert to be used
+on a real server. It has only been tested with this CA, but there
+shouldn't be any problem to run this against any other CA.
+
+Before you start, make sure that gpg-agent is running. As there is no
+need for a configuration file, you may simply enter:
+
+@cartouche
+@example
+ $ gpgsm-gencert.sh >a.p10
+ Key type
+ [1] RSA
+ [2] Existing key
+ [3] Direct from card
+ Your selection: 1
+ You selected: RSA
+@end example
+@end cartouche
+
+I opted for creating a new RSA key. The other option is to use an
+already existing key, by selecting @kbd{2} and entering the so-called
+keygrip. Running the command @samp{gpgsm --dump-secret-key USERID}
+shows you this keygrip. Using @kbd{3} offers another menu to create a
+certificate directly from a smart card based key.
+
+Let's continue:
+
+@cartouche
+@example
+ Key length
+ [1] 1024
+ [2] 2048
+ Your selection: 1
+ You selected: 1024
+@end example
+@end cartouche
+
+The script offers two common key sizes. With the current setup of
+CAcert, it does not make much sense to use a 2k key; their policies need
+to be revised anyway (a CA root key valid for 30 years is not really
+serious).
+
+@cartouche
+@example
+ Key usage
+ [1] sign, encrypt
+ [2] sign
+ [3] encrypt
+ Your selection: 1
+ You selected: sign, encrypt
+@end example
+@end cartouche
+
+We want to sign and encrypt using this key. This is just a suggestion
+and the CA may actually assign other key capabilities.
+
+Now for some real data:
+
+@cartouche
+@example
+ Name (DN)
+ > CN=kerckhoffs.g10code.com
+@end example
+@end cartouche
+
+This is the most important value for a server certificate. Enter here
+the canonical name of your server machine. You may add other virtual
+server names later.
+
+@cartouche
+@example
+ E-Mail addresses (end with an empty line)
+ >
+@end example
+@end cartouche
+
+We don't need email addresses in a server certificate and CAcert would
+anyway ignore such a request. Thus just hit enter.
+
+If you want to create a client certificate for email encryption, this
+would be the place to enter your mail address
+(e.g. @email{joe@@example.org}). You may enter as many addresses as you like,
+however the CA may not accept them all or reject the entire request.
+
+@cartouche
+@example
+ DNS Names (optional; end with an empty line)
+ > www.g10code.com
+ DNS Names (optional; end with an empty line)
+ > ftp.g10code.com
+ DNS Names (optional; end with an empty line)
+ >
+@end example
+@end cartouche
+
+Here I entered the names of the servers which actually run on the
+machine given in the DN above. The browser will accept a certificate for
+any of these names. As usual the CA must approve all of these names.
+
+@cartouche
+@example
+ URIs (optional; end with an empty line)
+ >
+@end example
+@end cartouche
+
+It is possible to insert arbitrary URIs into a certificate; for a server
+certificate this does not make sense.
+
+We have now entered all required information and @command{gpgsm} will
+display what it has gathered and ask whether to create the certificate
+request:
+
+@cartouche
+@example
+ Parameters for certificate request to create:
+ 1 Key-Type: RSA
+ 2 Key-Length: 1024
+ 3 Key-Usage: sign, encrypt
+ 4 Name-DN: CN=kerckhoffs.g10code.com
+ 5 Name-DNS: www.g10code.com
+ 6 Name-DNS: ftp.g10code.com
+
+ Really create such a CSR?
+ [1] yes
+ [2] no
+ Your selection: 1
+ You selected: yes
+@end example
+@end cartouche
+
+@command{gpgsm} will now start working on creating the request. As this
+includes the creation of an RSA key it may take a while. During this
+time you will be asked 3 times for a passphrase to protect the created
+private key on your system. A pop up window will appear to ask for
+it. The first two prompts are for the new passphrase and for re-entering it;
+the third one is required to actually create the certificate signing request.
+
+When it is ready, you should see the final notice:
+
+@cartouche
+@example
+ gpgsm: certificate request created
+@end example
+@end cartouche
+
+Now, you may look at the created request:
+
+@cartouche
+@example
+ $ cat a.p10
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
+ nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
+ HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
+ wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
+ Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
+ d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
+ gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
+ IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
+ eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
+ -----END CERTIFICATE REQUEST-----
+ $
+@end example
+@end cartouche
+
+You may now proceed by logging into your account at the CAcert website,
+choose @code{Server Certificates - New}, check @code{sign by class 3 root
+certificate}, paste the above request block into the text field and
+click on @code{Submit}.
+
+If everything works out fine, a certificate will be shown. Now run
+
+@cartouche
+@example
+$ gpgsm --import
+@end example
+@end cartouche
+
+and paste the certificate from the CAcert page into your terminal
+followed by a Ctrl-D
+
+@cartouche
+@example
+ -----BEGIN CERTIFICATE-----
+ MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
+ cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
+ ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
+ MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
+ hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
+ ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
+ 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
+ MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
+ BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
+ oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
+ dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
+ b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
+ aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
+ W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
+ fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
+ mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
+ NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
+ 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
+ BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
+ gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
+ 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
+ rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
+ Rtct3tIX
+ -----END CERTIFICATE-----
+ gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
+ gpgsm: certificate imported
+
+ gpgsm: total number processed: 1
+ gpgsm: imported: 1
+@end example
+@end cartouche
+
+gpgsm tells you that it has imported the certificate. It is now
+associated with the key you used when creating the request. The root
+certificate has not been found, so you may want to import it from the
+CACert website.
+
+To see the content of your certificate, you may now enter:
+
+@cartouche
+@example
+ $ gpgsm -K kerckhoffs.g10code.com
+ /home/foo/.gnupg/pubring.kbx
+ ---------------------------
+ Serial number: 4C
+ Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
+ Subject: /CN=kerckhoffs.g10code.com
+ aka: (dns-name www.g10code.com)
+ aka: (dns-name ftp.g10code.com)
+ validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
+ key type: 1024 bit RSA
+ key usage: digitalSignature keyEncipherment
+ ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
+ fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
+@end example
+@end cartouche
+
+I used @option{-K} above because this will only list certificates for
+which a private key is available. To see more details, you may use
+@option{--dump-secret-keys} instead of @option{-K}.
+
+
+To make actual use of the certificate you need to install it on your
+server. Server software usually expects a PKCS\#12 file with key and
+certificate. To create such a file, run:
+
+@cartouche
+@example
+ $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
+@end example
+@end cartouche
+
+You will be asked for the passphrase as well as for a new passphrase to
+be used to protect the PKCS\#12 file. The file now contains the
+certificate as well as the private key:
+
+@cartouche
+@example
+ $ cat kerckhoffs-cert.pem
+ Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
+ Serial ...: 4C
+ Subject ..: /CN=kerckhoffs.g10code.com
+ aka ..: (dns-name www.g10code.com)
+ aka ..: (dns-name ftp.g10code.com)
+
+ -----BEGIN PKCS12-----
+ MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
+ [...many more lines...]
+ -----END PKCS12-----
+ $
+@end example
+@end cartouche
+
+Copy this file in a secure way to the server, install it there and
+delete the file then. You may export the file again at any time as long
+as it is available in GnuPG's private key database.
+
+
diff --git a/doc/howtos.texi b/doc/howtos.texi
new file mode 100644
index 0000000..bd48de0
--- /dev/null
+++ b/doc/howtos.texi
@@ -0,0 +1,15 @@
+@c Copyright (C) 2007 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Howtos
+@chapter How to do certain things
+
+This is a collection of small howto documents.
+
+@menu
+* Howto Create a Server Cert:: Creating a TLS server certificate.
+@end menu
+
+
+@include howto-create-a-server-cert.texi
diff --git a/doc/instguide.texi b/doc/instguide.texi
new file mode 100644
index 0000000..d6815e2
--- /dev/null
+++ b/doc/instguide.texi
@@ -0,0 +1,91 @@
+@c instguide.texi - Installation guide for GnuPG
+@c Copyright (C) 2006 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Installation
+@chapter A short installation guide.
+
+Unfortunately the installation guide has not been finished in time.
+Instead of delaying the release of GnuPG 2.0 even further, I decided to
+release without that guide. The chapter on gpg-agent and gpgsm do
+include brief information on how to set up the whole thing. Please
+watch the GnuPG website for updates of the documentation. In the
+meantime you may search the GnuPG mailing list archives or ask on the
+gnupg-users mailing listsfor advise on how to solve problems or how to
+get that whole thing up and running.
+
+** Building the software
+
+Building the software is decribed in the file @file{INSTALL}. Given
+that you are already reading this documentation we can only give some
+extra hints
+
+To comply with the rules on GNU systems you should have build time
+configured @command{dirmngr} using:
+
+@example
+./configure --sysconfdir=/etc --localstatedir=/var
+@end example
+
+This is to make sure that system wide configuration files are searched
+in the directory @file{/etc/gnupg} and variable data below @file{/var};
+the default would be to also install them below @file{/usr/local} where
+the binaries get installed. If you selected to use the
+@option{--prefix=/} you obviously don't need those option as they are
+the default then.
+
+
+
+** Explain how to setup a root CA key as trusted
+
+
+Such questions may also help to write a proper installation guide.
+
+[to be written]
+
+
+XXX Tell how to setup the system, install certificates, how dirmngr relates
+to GnuPG etc.
+
+** Explain how to setup a root CA key as trusted
+
+X.509 is based on a hierarchical key infrastructure. At the root of the
+tree a trusted anchor (root certificate) is required. There are usually
+no other means of verifying whether this root certificate is trustworthy
+than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
+to keep track of all root certificates it knows about. There are 3 ways
+to get certificates into this list:
+
+@itemize
+@item
+Use the list which comes with GnuPG. However this list only
+contains a few root certificates. Most installations will need more.
+
+@item
+Let @command{gpgsm} ask you whether you want to insert a new root
+certificate. To enable this feature you need to set the option
+@option{allow-mark-trusted} into @file{gpg-agent.conf}. In general it
+is not a good idea to do it this way. Checking whether a root
+certificate is really trustworthy requires decisions, which casual
+users are not up to. Thus, by default this option is not enabled.
+
+@item
+Manually maintain the list of trusted root certificates. For a multi
+user installation this can be done once for all users on a machine.
+Specific changes on a per-user base are also possible.
+@end itemize
+
+XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
+
+
+** How to get the ssh support running
+
+XXX How to use the ssh support.
+
+
+@section Installation Overview
+
+XXXX
+
+
diff --git a/doc/opt-homedir.texi b/doc/opt-homedir.texi
new file mode 100644
index 0000000..e382f63
--- /dev/null
+++ b/doc/opt-homedir.texi
@@ -0,0 +1,10 @@
+@c This option is included at several places.
+@item --homedir @var{dir}
+@opindex homedir
+Set the name of the home directory to @var{dir}. If this option is not
+used, the home directory defaults to @file{~/.gnupg}. It is only
+recognized when given on the command line. It also overrides any home
+directory stated through the environment variable @env{GNUPGHOME} or
+(on W32 systems) by means of the Registry entry
+@var{HKCU\Software\GNU\GnuPG:HomeDir}.
+
diff --git a/doc/qualified.txt b/doc/qualified.txt
new file mode 100644
index 0000000..c0e4da5
--- /dev/null
+++ b/doc/qualified.txt
@@ -0,0 +1,243 @@
+# This is the list of root certificates used for qualified
+# certificates. They are defined as certificates capable of creating
+# legally binding signatures in the same way as a handwritten
+# signatures are. Comments like this one and empty lines are allowed
+# Lines do have a length limit but this is not a serious limitation as
+# the format of the entries is fixed and checked by gpgsm: A
+# non-comment line starts with optional whitespaces, followed by
+# exactly 40 hex character, whitespace and a lowercased 2 letter
+# country code. Additional data delimited with by a whitespace is
+# current ignored but might late be used for other purposes.
+#
+# Note: The subversion copy of this file carries a gpg:signature
+# property with its OpenPGP signature. Check this signature before
+# adding entries:
+# svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt
+# to create a new signature:
+# f=qualified.txt; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
+
+#*******************************************
+#
+# Belgium
+#
+# Need to figure out a reliable source.
+#*******************************************
+
+
+
+#*******************************************
+#
+# Germany
+#
+# The information for Germany is available
+# at http://www.bundesnetzagentur.de
+#*******************************************
+
+#Serial number: 32D18D
+# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# Subject: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# validity: 2001-02-01 09:52:17 through 2005-06-01 09:52:17
+# key type: 1024 bit RSA
+# key usage: certSign crlSign
+#[checked: 2005-11-14]
+EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 de
+
+
+#Serial number: 00C48C8D
+# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# Subject: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# validity: 2001-10-15 11:15:15 through 2006-02-15 11:15:15
+# key type: 1024 bit RSA
+# key usage: certSign crlSign
+#[checked: 2005-11-14]
+DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de
+
+
+#Serial number: 01
+# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# Subject: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# validity: 2004-11-25 14:10:37 through 2007-12-31 14:04:03
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 de
+
+
+#Serial number: 02
+# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 de
+
+
+#Serial number: 2A
+# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2005-08-03 15:30:36 through 2007-12-31 15:09:23
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD de
+
+
+#Serial number: 2D
+# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2005-08-03 18:09:49 through 2007-12-31 18:04:28
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
+
+
+# ID: 0x5B4757B0
+# S/N: 0139
+# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2007-05-25 11:01:44 through 2012-05-25 10:56:07
+# key type: 2048 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+# [checked: 2008-06-25]
+44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
+
+# ID: 0x46A2CC8A
+# S/N: 013C
+# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2007-05-29 11:02:37 through 2012-05-29 10:55:54
+# key type: 2048 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+# [checked: 2008-06-25]
+AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
+
+
+#
+# D-Trust root certificates. Probably by shifting a lot of Euros to
+# laywer companies, German CAs achieved to get the permission to
+# create their own legally binding root certificates - independent of
+# the Bundesnetzagentur. The main problem with this is that it is
+# hard to figure out what qualified root certificates are actually
+# active. There is now no way to be sure whether a signature is a
+# qualified one. A pettifogger's way of validating certificates.
+#
+
+#Serial number: 00B95F
+# Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+# Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+# aka: info@d-trust.net
+# aka: (uri http://www.d-trust.net)
+# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
+E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de
+
+
+#Serial number: 00B960
+# Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+# Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+# aka: info@d-trust.net
+# aka: (uri http://www.d-trust.net)
+# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
+98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04 de
+
+
+#
+# S-Trust root certificates.
+#
+
+#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+# Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9 de
+
+#Serial number: 00BC098E0402E92956B8D7DE74977E26F7
+# Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC de
+
+
+# ID: 0xA8FEA3CA
+# S/N: 00B3963E0E6C2D65125853E970665402E5
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
+# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
+
+# ID: 0x3A7D979B
+# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
+# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de
+
+
+#*******************************************
+#
+# End of file
+#
+#*******************************************
diff --git a/doc/samplekeys.asc b/doc/samplekeys.asc
new file mode 100644
index 0000000..34eea8d
--- /dev/null
+++ b/doc/samplekeys.asc
@@ -0,0 +1,939 @@
+ pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
+ uid Werner Koch <wk@gnupg.org>
+ uid Werner Koch <wk@g10code.com>
+ sub 1024D/77F95F95 2011-11-02
+ sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31]
+
+ pub 4096R/99242560 2002-01-28
+ uid David M. Shaw <dshaw@jabberwocky.com>
+
+ pub 1024D/87978569 1999-05-13
+ uid Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
+ uid Marcus Brinkmann
+ uid Marcus Brinkmann <brinkmd@debian.org>
+ uid Marcus Brinkmann <mb@g10code.de>
+ uid Marcus Brinkmann <mb@g10code.com>
+ sub 2048g/C3AF90C1 1999-05-13
+ sub 1024R/08AEA692 2006-04-14
+ sub 1024R/FCD2A293 2006-04-14
+ sub 1024R/233A942F 2006-04-14
+
+ pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
+ uid Werner Koch (dist sig)
+ sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
+
+ pub 1024D/5B0358A2 1999-03-15 [expired: 2011-07-11]
+ uid Werner Koch <wk@gnupg.org>
+ uid Werner Koch <wk@g10code.com>
+ uid Werner Koch
+ uid Werner Koch <werner@fsfe.org>
+
+ pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
+ uid Werner Koch (gnupg sig) <dd9jn@gnu.org>
+
+ pub 1024D/B2D7795E 2001-01-04
+ uid Philip R. Zimmermann <prz@mit.edu>
+ uid Philip R. Zimmermann <prz@acm.org>
+ uid [jpeg image of size 3369]
+ uid [jpeg image of size 3457]
+ uid Philip R. Zimmermann <prz@philzimmermann.com>
+ sub 3072g/A8E92834 2001-01-04
+
+ pub 1024R/1CE0C630 2006-01-01 [expired: 2011-06-30]
+ uid Werner Koch (dist sig) <dd9jn@gnu.org>
+
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4
+3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW
+G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3
+RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68
+N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy
+TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY
+urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq
+bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9
+quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv
+Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGEEExECACECF4AFCQ4Uh/0F
+AkG8aF4GCwkIBwMCAxUCAwMWAgECHgEACgkQaLeriVdUjc0EkwCfTXfXdqDS2COs
+ZRm0OUphuY0h4x4AnRSlWyPGnKUFxKOw8TwwCSLsdvZHmQGiBDbtSOkRBACURhKn
+GIFyXIeX61GAY9hJA5FgG4UalV55ohdz4whBgDzDGLE3XYlO8HCn4ggKilll6MOw
+Y0yZeg6PEU9Y3SqTzpQSV6qj2M7MgcS8xOpi6bNCu0iyZUik0KklUXMdI8e/CVmB
+pQJT9CofbD1dsP6z4dC6z3jil0+5Wbfw6yIXzwCgy/7Fagq5mN0H760/JEiiXILS
+1n0D/3H26lTaxo1vGput9Td1FQN7Vn6YDP0/To5ipsOODROV3zyUwF5QleY+8zTF
+JA3qD5KxRfA726WELOF1mB6Mw44UdkPniOoGdMH5oSx6qnNnlVZBBu3U+e1qfQwL
+QjHu0WX4Z2q00DKpWLThGv7Loh5NKi6OfTbMhfHoevCAzQnmA/wKc6J8GqthENTh
+KXxZaei3Ep0t+PlBmbUzuAYCXZhI6/0KyD6emyQ7LYIaPv9qEfMkMLhxicG0v/AA
+wOCBRKS3bkqc6wAYaO0bjUHJvem3HkWPux82t83+6YPyRnVjm/mwt0uEyKSvt7Md
+2DVrO3lEcKRkRHiYuf0nonPhl5Rs5bQaV2VybmVyIEtvY2ggPHdrQGdudXBnLm9y
+Zz6IawQTEQIAIwIXgAIZAQULBwoDAgMVAgMDFgIBAh4BBQJGtcWFBQkXLil/ABIH
+ZUdQRwABAQkQXeJJllsDWKJBTACfQI8TnuVIxE88u2napOMyUfoWZSMAn2t47LUM
+uyDEHRcYvEBiP/SRVvsrtBxXZXJuZXIgS29jaCA8d2tAZzEwY29kZS5jb20+iGME
+ExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAKCRBd4kmW
+WwNYomksAJ4q+Lv3fDvzDJl4JcOmzWHPsPg2QQCdHcj5DwCCM7YnRLiE58ApHdrg
+11S0C1dlcm5lciBLb2NoiGMEExECABsDCwoDAxUDAgMWAgECF4AFAka1xZEFCRcu
+KX8AEgdlR1BHAAEBCRBd4kmWWwNYokHUAKCKSLq+i1yHrG8ZXqJRk+d4SyanGwCe
+KFwqqRr3tbae+m4iK+EcyY+BR2a0HVdlcm5lciBLb2NoIDx3ZXJuZXJAZnNmZS5v
+cmc+iGMEExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAK
+CRBd4kmWWwNYomC9AKCOTnRhGus67gV2k+8K2SwytYDqVQCfcaEJKu8EBd0sx3F0
+24GX/RNwnZq5AQsEQF3bKQEIANEoVLSVnD/YxrBL3s/edXK3YUX1dZvyyLtP0mCX
+41EX3e6pQ4gLXmze7lJU9zB0iGgbTjBgodMsqHIECMWnhrN8uaIgEMOnfsNjdIC0
+lPpOyBQtH7IWRdtG+4g5Tk3/RbHOsroknCUVUTJo9fvOZZUowKP5IyPYWuaW25VL
+RoJ/SKjef3ttQC+5Td2CNMWgepbjTXuyZ9sThUzCctiLf/VJL2zTKwozo/HnIQze
+hCI5b/2lLjzBIV+zeVeLw3UGKSA91TkUUD7kEZJSHHIV/6Wp2PBwHIELstPd0KsV
+5ZA4vRR5WHrAbjw7rePyO57uZ9Ob7nn25ecP8nrk+IdxlOcABimITwQYEQIADwUC
+QF3bKQIbDAUJA1jvAAAKCRBd4kmWWwNYohLWAKCgnbPg6cDR1W3tkz894CwpcDQo
+VQCfcBXfK5kpfhYfDk+d/mwuYXktSSW5AQsEQ7gWIgEIANFah4LB/iVUglBqEzvK
+0VG88yuRJlDLTvb8jr/hA8qxocj4eegHw+NOYGnIEMsrxjo5/djWE1vvvF76baD7
+xar8FQoe9SLUX7HOzOmeLG0yv5A6LLpTuQIkDp8a+rSqbOtcZy/mteka9bDJl/KZ
+MtbhfZYqA0vxuE4PLS4n1lH9+GMTuecgeAhuhKcEBQ8cKwj0EW6axtTwUqwokI4G
+rOIcTIMduLHu4/oHJiyUfa1TD1Z1BTxjOjaZaiOCFemMTtRPS0BvhA1N3C6suCIQ
+gfm6awzjd6WvX/ad3ToqKBBf41HgyrK1H7bwm0QQq9QvAlmmYTGzgH44HjHyX7ot
+zT8ABimITwQYEQIADwUCQ7gWIgIbDAUJA8EVgAAKCRBd4kmWWwNYol3LAJ43JG07
+X/IjKI2Si1hF87nLfG4ehwCcDIDiNrFrvTaxGziI9H9ZYmQyASq5AaIER3ko1BEE
+AITOSpTeW3g46dEaTnGDrre9/WrhXvHzL7kP1TpzYC4jig7C2t63xUgLCgmv17ie
+C9j+VqiK6olGPIL8y5RdHjJgStNAL+psZ0kjx2yGACUpgDky49hRtfxWGuohJnBH
+Upsp/2DGOCyL0nlzkvJRIVdIZAMgYYmnGu8atilHpHb/AKD/aYLuxeQfHRjylB8y
+Od7iHEE7VwP/QSxhwtSQWXdgz/KyTwjAjN69JGNx6iUKrwNiPLphEufYi0EzdKkr
+xltkTLuZYmd+yoxMKvoKHAOgLe+RcnF9ZZDc2XUjujIlu0lDIe0/2xUXJYQ3zKza
+St1qbzuk414SzRjkisVUne/GuJNuM2wAwTSmeGXhO/fgc++1MiuLdr8D/j/T8lfN
+S48czJ0eF+/VG2FG5l+JVucRbvmBWilVWFXWOTWyoFuqQ+8t6uHAdlyyxZlgt3rZ
+WsU6r2vQ+ayELJ3nny4zZdxlBA8O2XbpV3fXf5NlUsZWY3/tifySOwHIQRvJX0NA
+Sz2Ao4qXBKF7CM6sZzlbXja6XHZyUG5p3anAiJcEGBECAA8FAkd5KNQCGwIFCQah
+TGwAUgkQXeJJllsDWKJHIAQZEQIABgUCR3ko1AAKCRDNP81ePVLCghD5AJ46ond0
+H0ny3nPQrXI5/CQxk12YzACfR+j9+k0y+vLYfzuDCWoSuLeWuvBYygCePPYlR8Tt
+yegne86Z/xquxNFgFjsAoL6wDuo4gsI+6/bzSNlyrkUYmLO7uQENBEd5KWMBCADe
+LY1DPSaB2NyWLeaLLTa1G0QTIXp2y6FpLvgC/PIzR8InRxNhkBDaswFBPuc/oASN
+QCvXTCjFsgPvc1jS6UpTHY3NnZlxB6s5NbW1YDPQE1CklJ73uNU9r8aBxMhsrzoq
+VO/PzLqUhcwWp/6sBjyFz5Zb+WNip4Id9J+ej537r2UJo/GiMh3JOWgp5/SqUTWz
+wowtU111eROlURVh6wrG11ZbQqFo7qMY1lAut8Vt4vJxKvjTdlls7fhRfPwmcxBD
+XxZycPOKO8VF3XJPI3bVxkoKFRuOJZK/fHnghgEYwrviKiG0vDISUOTqOE63haot
+a72gUUlDTJGrorvNO8C/ABEBAAGITwQYEQIADwUCR3kpYwIbDAUJBp/6XQAKCRBd
+4kmWWwNYohbBAKDA1ZUpbI3OWd+5Efnj482Urmv47gCgtXRryMuxJZ8MWhfBZ0Yq
+vH7DeKC5AaIEQF3aTxEEAP9SgfIbIPL6BQ1nqoblsTYoiwWPL48uBZPjkDfy8XsV
+R5V9aRQlggC4x4/MD3Ip5AUgReI7PcHnp4m3vcVLXPl+/7i7hAwd84iKzgN8I8VW
+0EevflcNm7nbWEnpjaGxJWFbhSLI1DmqnafoU8nZgGp2QoE+flgGDd559C3SiHRT
+AKDbqgS3EDhTbwfS+bAhW5Xi8/2CPwP9HueeuW9M/cyt8UvliLsj2eYMEIy7CeSL
+O13XfnqCjcnHK+b59/ADd99dpMaq3gKj7Aj1RIsRV2qWDJpDNXVxP7Cy+FzxelQs
+ytPQOV8H8AkB+RgmSyfxlNRUkC3sQU6jR9IwmPD4iB5fp/SqUpn++77TAArXqsfH
+bmlnwcuU1EAD/i7CEhxLBYS1N77hwxL8DWCqjpi+1PKG+6dc0BQFIU3uUhbzLGfq
+EobUDhveqgtlsvoEZ/lR8RgMv/uOjXEgiATQyTEa7s3M2vjXlpLjXjzklma3Lqmc
+am3dEf/5OR02yZif6hPU/x8f/VQle0kKNKdOCV1+dlo8aJH2UIZRRIvtiJcEGBEC
+AA8CGwIFCQcbVgAFAkR1rB0AUkcgBBkRAgAGBQJEdawTAAoJEGB4TpQBClft2RMA
+n1XiL/bC9hByZInCJTaCd8WS8kYCAKCfpAWwLIxkfwAeD/RI+2p00nQfvAkQXeJJ
+llsDWKKx7QCguc4/HiEs64Ey5p6Yihy67X8E0YsAnRXMFdXVP7ww8uldljPiD1Tg
+yurpiEYEEBECAAYFAjc3I8UACgkQ9u7fIBhLxNmHZQCglWbPDznIcnOxdDW+k7Yg
+A9+/n00An1ZjSiJipverUxLEFHAbSBWI0IntiEYEEBECAAYFAjc6+aMACgkQdQ9k
+lcidkz6GiwCdGe0KSP/vSyEZM/GClQXvjMD4RvMAoJwyTIdcjPZbQizDeAO3btn2
+CCwTiEYEEBECAAYFAjgUDhkACgkQYAeQgHPH80+I2gCdHeTAPusmEfN2bdkijpW1
+gpxBvGoAn1kzL7Mg7tC4pqlqw2fV3kRUy1a5iEYEEBECAAYFAjgqYh4ACgkQ4/JY
+VBKPDnkPkACgmzk7HMlJ1h0qw6OHyMtDE4RI4ToAni+Cm+01pHfzh0EnFQTvLE1M
+9PtoiEYEEBECAAYFAjnKOw4ACgkQK7tDpvCerwquXwCfbW9xGF2AHQakBPakh61x
+KmC8WEEAn3TytfY5qrTjxIj2HZFKN5QuQpYSiEYEEBECAAYFAjnKiy8ACgkQF6ZB
+bfeUj9ombQCfYQYxpipdMGBxbNd8jbL9RDmH3nMAoITmZnDJwXzpHNuSLY8o3c5Y
+hHXziEYEEBECAAYFAjnKnXcACgkQNfZhfFE679le7gCggQjsjFhjaIO1lWHfPusn
+0dqdhRYAn3rOW0XSeh64V9o+VItH2LZngmNAiEYEEBECAAYFAjnLMigACgkQUaz2
+rXW+gJcIVgCfRRq0G2fCcZOFoey9uZGAkWctKsQAoLw6lUhdeZDgULrDC7OQRIk7
+CnMtiEYEEBECAAYFAjnPp1IACgkQkVrMRaj0wv0IqwCfWGMeiZ58ysuZCAP9IsX3
+aKcSPtcAoJno1COOjAMhoWjUiHctgLZX9+gTiEYEEBECAAYFAjnQ39UACgkQbyOL
+wk/aWgxfIwCfb/GeMAD8w84hq5/aUQMCvVqUYqAAn07SKuWYsZLEUuPWIgYY0yoB
+yJxviEYEEBECAAYFAjnSCrEACgkQv+EgZWshSJq8jACfdf20dqs3IWOPHgFMdYb5
+VF+WkJUAn05quvyHB3Xug8csxWg6RwSfQBTBiEYEEBECAAYFAjpMy0UACgkQ7UaB
+yb89+bRUrQCg6aozpYiCEDPVAHe54/8/q48FLP8AniviG9fjxInPaSKB+LXRmQjc
+2jLZiEYEEBECAAYFAjqJgd8ACgkQYogE2yD8bPYGagCggMsqGJN61JuOQkY5MiKb
+4UPQpBwAniNYwQb+hlEzJF7qnPECh0MAxq8OiEYEEBECAAYFAjrBCNQACgkQt1an
+jIgqbEu30gCdEsSeFtJ5KziD5l/CvAhVZt9lnQUAnRrmbV8HkndXp3+DNoREgscZ
+k/rliEYEEBECAAYFAjrB0SkACgkQ0vCiU5+ISsiPkgCeOFayt7NkcymwTC2UKNjj
+yukNDvAAoLq/bOTNZECtztYIMDQ2VrzZ3m6KiEYEEBECAAYFAjr1eYsACgkQ7A6v
+cTZ3gCXdrQCgllIx6G2DkKSGKBhYCgsyywFBXLUAn2PJGrCOov0LS8jCMD2Xo4T7
+qfsjiEYEEBECAAYFAjr1mwEACgkQLBigKrTF83+E4ACffa4yaJ6Pj4uFZY7dVuiO
+fkuoTE8AniIdw0DVkHBuxlNp9PAglhztyE+oiEYEEBECAAYFAjtFbTsACgkQ53Xj
+JNtBs4ex3wCfXLPNscM4Uxtmy0/t5Ygg9lDWEQAAnR39P9eJtEeBtMPfbEGYc10A
+BqjkiEYEEBECAAYFAjtF2QAACgkQI/q1+wgWzBuJgACeIak+A98IheVSowXG4J6j
+zBA439MAn2IFA8EB/EkQ1rn7OEmFNX++PNZyiEYEEBECAAYFAjtF8RYACgkQJ4bC
+RH+KQBfSwgCaAvm7pL+LioYj/oKDBQ1pJAj+UqMAn10W8RKrYblMZ4L11R2TO9xO
+vFn6iEYEEBECAAYFAjtIDxYACgkQBgac8paUV/DLWACgifbHtSi50JxmSr18Wofe
+VcVcAXUAoJs99aH6/t9gkO34ajXjiIQxc0qMiEYEEBECAAYFAjtIJ18ACgkQ11ld
+N0tyliUx5gCggbhG1uzvdgHNY8oCt4cc6TfHUREAoJuRw8q2kbztnt8TQ4mjiTIN
+cBXziEYEEBECAAYFAjtJwaAACgkQUI/TY7yTaDkPjgCcDSJQUZBBP/5OvW48Q3BU
+kUkRSQkAn1Mjqe4WTFEEA8HK5h+KDcqR0aZIiEYEEBECAAYFAjtKFVcACgkQliSD
+4VZixzSYCgCeJpt98LMq02q9W1bK5iPUvCkcsSYAn1dqFcoXctXVnMj53z8zfAaW
+0BcwiEYEEBECAAYFAjtLFwcACgkQDqdWtRRIQ/XMGQCdH1u9tmtUYY3ExVLdT/H2
+IIQCU3MAoI69Y4Z17RDh4Bj2gmJwmEAmfDwbiEYEEBECAAYFAjtMF8oACgkQ1w1f
+WGA80Hj2mwCfazudYZSMmQWO85xZvg0uTB3rhZQAn3DSyrvXxIpmv0CcnBtUQu5N
+21kSiEYEEBECAAYFAjtRuWUACgkQ5DsVPMtGficbLACeNpRJOS9AZ7q7bhX2sBJg
+lKLloTsAoLm5FTnY6iAySfPZZlwAVeE6zMJwiEYEEBECAAYFAjtSxD8ACgkQO/YJ
+xouvzb1F7ACfVp8vhxAWCeRZN3InlvYLrxFTng4An1QO6+D3QUjX+0YRNZ3tpZDT
+Sd6QiEYEEBECAAYFAjtXQl8ACgkQeRYvNvf2qtklNwCfcg4Tss3C9Nf6NiyOAHhX
+O4JLhtkAn055IHb4i2IO5TQLSQi0tk4ktZVfiEYEEBECAAYFAjtnOlkACgkQwAsN
+NiHlPr2cagCg07IN1/MaXn+8yd4Ncp9/723gEBgAnjNCoGAAccbvCCVE29sXBNAv
+Uo8MiEYEEBECAAYFAjuYRI4ACgkQkC29kYw4qQpqwACfcyB4krJFqyeHoKzRYDqW
+8JDUdvcAn2pa3UDeKM7FVe8LgCQyz0McM4JqiEYEEBECAAYFAjwH+10ACgkQ2tKw
+XV88MYVF8gCeMoYaFN7v/VDmuYt+G1BXDxzcuusAnR8fAcIyBjSffB0yEIwaA7O9
+X7ZxiEYEEBECAAYFAjwIEdIACgkQaliC34RARgJ9zgCfS1K0bROVSB+9wX4g+xEE
+0phEAToAn3etSLME5hzsisIRMjUsGbBDe7+aiEYEEBECAAYFAjwjtVQACgkQRHJT
+9Ar9DKjv+QCbBE3lRMzyKxTbPUd9v+nB8EVqv4cAn0DxPkAIkuriAuwtOjCypTDN
+ydyxiEYEEBECAAYFAjxdq0AACgkQ7vDbNLMhJgNwvwCeMc0QmOS0ctJOX1J9a3DW
+kMyUdf4An3iIslZ7stkMOi1VdyE5fR2YDvNFiEYEEBECAAYFAjxw4+MACgkQGM0l
+pSLzivNlngCeLdkkRkcyHVKttl6Z9IQExE+gaNsAnRko+7BQOu5jXMfGarg1rE2z
+DhsFiEYEEBECAAYFAjxxJxIACgkQscRzFz57S3PkJwCg3qepdTsiNKuGYC6a1RlJ
+ZTBqkiEAn2G6ypvCpWAL43LWbMbyyf/rYxSoiEYEEBECAAYFAjxxQYIACgkQOhqm
+NZCaVAYvbACgz9mXzo/nC64mx03IFgL8oFuBAhIAoL91NILXxGYrkaOnM+2Ci20U
+vA3ZiEYEEBECAAYFAjxzeIMACgkQo+C50no0+t5J7QCgpSCgGQ8eMefvsDsF0DlE
+ZzuAHNoAoK1TFwuK7ZowUQJyWp1tKDtNDbx3iEYEEBECAAYFAjx+gfMACgkQjjtz
+nt0rzJ3/dgCgnDMnLna3yPskxeVf32wDbTHLxf0AnjWCw4lfYauS0LumGv9uHN9P
+aErhiEYEEBECAAYFAjyAY8EACgkQ14NrbAzZIOdEPgCgt5DiZfRFkvzAPecRDCIp
+3pOdUwkAnjj1CDE+Kzg2RiK9Z73QM8B0J4driEYEEBECAAYFAjyBd5kACgkQ/3vb
+rZlD49+lmwCfS9apz+gEHsRV6ELS4NtCLvrJsRkAn3AexpisdP+8KwolieJwaVPi
+tN2giEYEEBECAAYFAjyMzCQACgkQhbmQdcKRDkGoiACaAqrwXn6kf3aD7wss1rgQ
+mrCtJKIAoIU6uifoxBubp2+YjW6kjbnkFMD0iEYEEBECAAYFAjyXNDoACgkQoegC
+cNp0M5aGrgCeLBRQ8CAVzPO8OTz2TMFqYLIbFrcAoK2qJqojmF2+THtFCHz0hhiB
+AekNiEYEEBECAAYFAjyXNjgACgkQg2i7WWb7wYxzxwCfcrZ5yTwjn9Sh1S/yL3MB
+KBs8uxUAn0pC4GgIsbbaxcf1QA5AYwFiPcPEiEYEEBECAAYFAjyxODEACgkQJXt5
+TsZsoD0pVgCfTIJ88OFNFlnUFoNZemDdbd4ZqEsAn1y5ZyCl5SYkqFTGiVtkgtII
+EhK7iEYEEBECAAYFAjyxguAACgkQeuuK7Uc6ScnBgACfUlQrrDUb78b93JEvThA/
+f1ZankIAni448ZxagzPjnj/vH33yK14agnq0iEYEEBECAAYFAjyxj4MACgkQocWS
+fM5dzg4qigCdHrjYquNu2aphWggG5E0G6zCW5MEAn1NQJmKkTEUsbanbVOBx1G5w
+vYkeiEYEEBECAAYFAjyyhzsACgkQVlEzpFDUq7k99gCeMJc5KvC2gAHgCVjv6Hn7
+AKgY+rMAnRFIrjunb1Sh77542URoWAVmuPN0iEYEEBECAAYFAjzyIFQACgkQX180
+7qC7Pev9PgCfcW15D2cS4UTkn11BSqn+pgrA4KIAoKzLDc78X3OFDzVXTOvk8V89
+OshGiEYEEBECAAYFAj1uHIwACgkQKMb1a4F8NWhPPQCaAprFvggEHBTVR+KWzm0Z
+3l9ijLIAnAw2QtJ1Mlnz0ctNwSJwORM87/ARiEYEEBECAAYFAj2ERksACgkQ1Dyz
+BZX+yjSzyACgjUKL3CH2UYciEAarZU9H0ZYIIWQAnA6I1aJ0FgWiF2bd/jgWaBL2
+jtd4iEYEEBECAAYFAj2F5U4ACgkQdZc6ENbQhKbt/gCfblKSqJohqhaFawtXPs8T
+X1UqY/sAnjqwumhFN4YAAez36gItTB9BxcmJiEYEEBECAAYFAj43BmIACgkQkQgh
+ntzeiQqeGACfSyyIi1vPniQOq8xLfgjDxFkkVEYAoJSFbH8uhrwBMa8aOIRkjN9u
+RdY2iEYEEBECAAYFAj+Q/gMACgkQdt8qX2QD4/2lhwCgnv3QSQPCGbmTI67mtAxl
+9d4rZ4UAn1WXmoSknE2WYeqRUb6d4wAhG/jViEYEEBECAAYFAkCnUpQACgkQt+hx
+Iz4tn22gnwCfTWoR3vhEv0yp1Ks/vz7jow0Tw6QAn3YXgQn0DS9/9u7AyG5gjh18
+VLtuiEYEEBECAAYFAkCnUqEACgkQt+hxIz4tn22dOACgjeYArERuayyqZmozCahs
+gUyPihMAn0PkgZDTwKgSw690xdLuR2rWJrPQiEYEEBECAAYFAkGD05gACgkQ9oi/
+YaVie2EkhgCg582nMvFSTXDb/PdF0+kZTBQTCGQAmwSEka7EMzOzoCxEefZd+GQm
+EdcXiEYEEBECAAYFAkGGD60ACgkQ6gnEQD//YGyIWQCgruyF9KSG2GuqPVQIsizC
+CV8rjPcAnRQsBzfw9QLM960FP64YWUCqhYkYiEYEEhECAAYFAj0EW94ACgkQj/Ea
+xd/oD7Lv2ACfUACXl0hDfGeEdbGjhIa/hSaZCrkAmwV4SdeJnBoXV22VBEekmTfz
+HKHEiEYEExECAAYFAjyvU4oACgkQ6pxm6rn41tmEewCbB4FZ6z6dmSJ2epBIdeoS
+8KHLNhEAn2ZcUDKfuFpVVDuV/bMhpjbbHJRIiEYEExECAAYFAj0FswMACgkQoWMM
+j3Tgt2a46gCdFwSWzfEmyuvfjnmNPzCyvdO2R2cAoJRl1Ibl/2hPXjenl1f08pQL
+ThZAiEYEExECAAYFAj0GRB8ACgkQKb5dImj9VJ8FHACcDjdyCPMWjSbrXKCVFjDt
+uapl428AnRSI7e1VYRJcVdGmrAtmu360GrQpiEYEExECAAYFAj2J/ScACgkQ74J3
+yv6ZHpg4ogCgj8BllYTJEQ5sF62Qd2q9o2FNJ8cAn2K/7zpy9M/Oig+yIYofaN+5
+fnUUiEYEExECAAYFAj4ykiMACgkQaqtaJwF/Vr1MmgCfcNfOOm6/woHpEtuFVgYX
+vUh0tG4AnRTPBwdemHFViOojNJ0glWck/84ciEYEExECAAYFAkDa3nAACgkQRTxF
+SQIw1gIZCQCg/jjaczO/s9GkLq/kftPN8A6kLr8AoPwGlVzoq5yWxhgCkEMfV+KI
+tmDViEYEExECAAYFAkGE+RcACgkQ3ZHkUS+VgsFX/ACfRYBeswRWTHOdc4gLefxU
+VSGbj8wAnA3CWEF3MQOIpJQ5KSFLE2104h5riEYEExECAAYFAkGNFPwACgkQ+C5c
+wEsrK56k8QCguxJO7l5effxWbaYOgeVko8HiQ80AoKSJGsOZGx1nvQRKeRK/7DrZ
+bB2piEYEExECAAYFAkGqFTYACgkQztt/8ZMtg2MVMgCfZevJcAcVXa4hUUJSjkWo
+0j/b9MkAn2HZC4sNs9nMN1PvX95Ge39wfBEKiEYEExECAAYFAkIrN0cACgkQi0rE
+gawecV4jeQCdF+GUDJuQnCaFZqw6sNgZtol0UncAn1/VQvGDB0Or+JItHnUlCU98
+URNXiEkEExECAAkFAkGD3AUCBwAACgkQQSganqDijRh6lQCgmgm1rqgdF3qYuDQn
+/S1vFxggwpIAn1htaL3fD6o4LnT/8BIm6K6tPGPWiEwEEBECAAwFAj0BE/8Fgwa1
+sWoACgkQFBE43aPkXWatjQCdF96DM2kdreTGbWTKjTMTuwB3AtYAoOxTFERoyUCn
+7nTsufD4QpxIkJCiiEwEEBECAAwFAj2GAuUFgwYwwoQACgkQU+KFTgvh8OP+lgCf
+TLjRfVihRNQQ/MVIuHttesX/s/4An1ZBth8G2EvCfiOU2KoOjl3MZUJ4iEwEEBEC
+AAwFAj+ObrAFgwQoVrkACgkQCmLlNDenkUkzjQCeIR3z4h7TMEeNI9Sy5/4Sgclj
+9WsAoK9yVbdDuWQJQh/ZBUpx0GjxMSW1iEwEEBECAAwFAj+SeAcFgwQkTWIACgkQ
+78vN/2HwW4xfggCgg+yTSXldBhvFoDXoAeOwcC74YqkAn0b+tC5AZ2BQkg0vJXZ6
+tFXuOvhaiEwEEBECAAwFAkCoZL4FgwmwcCoACgkQEgljnRFKqFxfngCfbXYSsBtM
+M5hcUCsnm9IvyCmMhgAAnjtDe7q+5cW/JmzE3illB+u8fc9DiEwEEBECAAwFAkC/
+Rz8FgwmZjakACgkQ2S0k392WXIP5uwCfTlmW1u9U3nck5mCo6DeTHNTmUvkAn2jn
+jXhvqKoLfS2ERRwQlFFAw6NRiEwEEBECAAwFAkDbVF4Fgwl9gIoACgkQ9ijrk0dD
+IGxiBQCeJIrdN0kFT16KL4COSILMmcjVxygAni6OinWWNJqCk+k+BNIvKpm+QKm2
+iEwEEBECAAwFAkDxIncFgwlnsnEACgkQkvv9V4b8pZK7gACgwOU8kI9ZBzryS+Hx
+AeWEo4WjeC8Anjl67/wgPGr4XAS/XA1xmWzRwZiPiEwEEBECAAwFAkGsm40Fgwis
+OVsACgkQLEmBxMM0hsB4NgCeLxvQw1g9MSpWY9+2VbSK/4vNd4EAnicGGKdS3Zy4
+8E4GBZr62ZmWjr/iiEwEEBECAAwFAkHCEoIFgwiWwmYACgkQGFnQH2d7oezd+QCe
+JzuPIHb2H/PX1R9NYqC6z+63wFsAmgJUX4Ei+WzKGs2r8LVtIo03nc/niEwEEBEC
+AAwFAkHCKOAFgwiWrAgACgkQgcL36+ITtpJ6eQCfQ5aTW9WLJNVWTdp4fi618YDd
+nNEAn36Vz84EsZ0gpO0Je9S+geCrffj6iEwEEBECAAwFAkHCKTAFgwiWq7gACgkQ
+a3Ds2V3D9HOXdgCg91Pqo7tiv00Je9XoTIJq82ug6gsAn2Q37v0WzuggX1xyzDSR
+7oxz77owiEwEEBECAAwFAkIi82wFgwg14XwACgkQ2KgHx8zsInvpsgCfdHcjOaK7
+aK1MBAYBaWwkK4rfd7kAoKxblxsQzllz7sLvFbK7xG2ipuNJiEwEEBECAAwFAkIo
+ngEFgwgwNucACgkQLADuUthSlVgXawCcCbstExBnVkd/fHvatuzJ3sJ0g0gAn1t1
+CmnaMwV/HVQlUhfqefYlVN3giEwEEBECAAwFAkJTjYsFgwgFR10ACgkQlvNNek/0
+hjUNPgCfRJZleAq/j/4tbek4A3/lhgXJha0An1aToz0bp8HSf2NBjW1euvf/4VZC
+iEwEEBECAAwFAkKYjoAFgwfARmgACgkQTbbnG4BhqDBuUgCgyBpzBy8k7OKzjiYr
+KMGIWZqiMiYAnjHdHdzo6dKcV+J3ef4hl3VcLqDfiEwEEBECAAwFAkK9MmEFgweb
+oocACgkQr2QksT29OyBNEACfbNEfltwRZ1RmZEkt9ZTwOJSli5gAn3brUt3vc1JI
+xs8dlkwHV1fSJpH8iEwEEBECAAwFAkK9RW4Fgwebj3oACgkQ62zWxYk/rQd1UACg
+wJNmfL/Cs6bYMFPC1dRrNsf2GtAAnR6K37k2u63FX1lbg4aSMLCcNviCiEwEEBEC
+AAwFAkLinZ0Fgwd2N0sACgkQ9D5yZjzIjAkhqgCgj/Uy+2Xvfw9FAwPdWSaC+o4A
+VUEAoIvJ06LeJppo5EQqEt1mc8bYV1UjiEwEEBECAAwFAkLlBZcFgwdzz1EACgkQ
+g2E6UBaCfQMWAwCgk0N+XcWaLDssH7wYu0EtOFW1kKUAn3Vq83yrmg+F4TvieNmP
+hhqTP6W2iEwEEhECAAwFAj5ecYsFgwVYU94ACgkQUF6IRyLnX0ugAwCgnZ5NnBWJ
+3j9/7slzg5Iy/pU6UesAoLaNJiUgVfg+h3uP4vUJhum91P/biEwEEhECAAwFAj97
+CToFgwQ7vC8ACgkQW7P1GVgWeRq/ZACeL6lVKkE1iFiC/YonlBzLqNAdVkgAoIBH
+8VYDXLRIgBpyfSdwc1YxTeDDiEwEEhECAAwFAj+P7j8FgwQm1yoACgkQKLKVw/Ru
+rbuqxACfb1X6tBq7g3z5HgfCXv2sm2gQI5sAn1JLb8gDxuSRcWMHulGZY0hZJfvy
+iEwEEhECAAwFAkCn2cEFgwmw+ycACgkQt5wosOl/hW1B0wCgiQGkFQEonh2cRtw1
+xXowakWqx/EAnjp2Du5T+xpOdf4O+JwV5DmtKqW+iEwEEhECAAwFAkGE6LYFgwjT
+7DIACgkQGKDMjVcGpLQO+QCgsc+A/SO9bY78+ul2KU+7SCcztq8AnRbnT0G0HnJd
+QYMffrLF5Ing2fP5iEwEEhECAAwFAkGxhHAFgwinUHgACgkQAVLWA9/qxLltoQCg
+24DNLxMnSOcPFPCNLTPkyyjyQu4AoIe0tZDEDS7mvM6RQaHREvCuFIOZiEwEEhEC
+AAwFAkKWAqQFgwfC0kQACgkQi5YpQ/wkPzzhMQCgj+rrxz3tJgTrmh3g3+5rIcWE
+EUYAnjKOFjzGL/7SyFlpehh0Xa3oO69WiEwEEhECAAwFAkLrbeoFgwdtZv4ACgkQ
+wm9wFgHGy4MQfQCffyaecfqcThyxP9FNgZ2Uz4pBwAEAnjMFgtk5JN6gZ+Ztgqe+
+YyYrGvvuiEwEEhECAAwFAkLw+X4Fgwdn22oACgkQWNqWrwuQEUHBCgCgn3XtRj5q
+JxudfYkec540HnkoerEAnR2x0A8LAA49rsbhCiLZlmTaaD67iEwEExECAAwFAj0H
+TRcFgwaveFIACgkQPGLK2OTUMk2IMgCfUXkZfmZrMFIiYO8F/naQMBs/94UAn2Xr
+f2uaISYrPudIbRkxYm+R2NrZiEwEExECAAwFAj14eLIFgwY+TLcACgkQ0BqcGU12
+bN6ruACgi2uFjh4Sy0Kjyd760dvfpa/9jtMAnjHyPQ0tHYSqSZDD9qaQvb/F3PlM
+iEwEExECAAwFAj15MRMFgwY9lFYACgkQcFxTidXBs1halQCgiR5GTSx4fSCqkikz
+rOOOXAonDVcAnRFQ13dmkjLcRy4E8bxLtm8xPyAdiEwEExECAAwFAj2DrfMFgwYz
+F3YACgkQAtbtIeMsT0ugzQCaA50Snyeu82nth0ikNVnzHD4W0eAAnA9WxGBmmpvW
+YOq5LOTy2fVe2P+EiEwEExECAAwFAj2F/AoFgwYwyV8ACgkQ9Wsmo6Y5nnPZcgCf
+UvxNXjoWYEsAYJz3z+MWDeGrfJQAn3slXF9ced2OAN3YgYZNTlIC7UUaiEwEExEC
+AAwFAj2IEOQFgwYutIUACgkQg2XL3N1NTv7QVACgr+C/P7gqGDupYTC21jl07mPf
+G/cAoLZ9zkmr1YF6Br7szUKksSan6fwtiEwEExECAAwFAj2IOwAFgwYuimkACgkQ
+Hb1edYOZ4buWMwCff0YYdFZ7gdc1qjCaeXDhCfLe0OAAn1OJuZ/eKGk+i0V/ScLp
+OMLn/SCCiEwEExECAAwFAj22wZ4FgwYAA8sACgkQVkEm8inxm9HyigCfaNbjyIlH
+YA9cAv8sLkz5uHRoTe4AnRyDPfAFiBPZZhwJNDlmTEColXL/iEwEExECAAwFAj72
+Ip0FgwTAoswACgkQofbulCQLTD21TQCfcKuy3MEjJRrikDBgKtpIP1at2cQAmwRl
+ZNeKOT0UJ4RNt2piAHqTD47giEwEExECAAwFAj72z7wFgwS/9a0ACgkQBYtazUQc
+X4H/jgCfaQXW+LvjoJacVNYrdxhXUYx2a+4AoMQV/y+zjcnaNRbZTH6unq4fBDB5
+iEwEExECAAwFAj8AnloFgwS2Jw8ACgkQMozWs+vCdRW8xQCeJLRNfZLO7twP4DnA
+saP9wNdsI+AAoKChEzuM19HrksvckWmBVafawaPRiEwEExECAAwFAj8Fq5cFgwSx
+GdIACgkQTrg06OLM8A+J1wCgmucpP9rc1NjzPHDFNcQokRbp/REAnRvctW/8AwDa
+H/btQjPtXgQGCbrPiEwEExECAAwFAj+PlHgFgwQnMPEACgkQbHYXjKDtmC0gWwCg
+rfQwM+i6i82wTcXx8LRPVHm//88AnjOiqMYKpGj4cpkwdX2nhUlZEyGOiEwEExEC
+AAwFAj+QUxgFgwQmclEACgkQnQioDO2QjWrbcwCeNw1qkRaDRy3/fl41K0F7fbCq
+q58AnRXqq6031t7zmMdmZDvFlB5M6uFXiEwEExECAAwFAj+Qbb4FgwQmV6sACgkQ
+lSxWI2ynbPR51wCgkZpbx8pnoqj6mmXrUQgJSce7eRMAoJcbGZ0ls3JXAJRD5y0P
+YzznxLIriEwEExECAAwFAj+RGicFgwQlq0IACgkQ46aNyqaY2pkmnQCeLsrSrn63
+Mnhc7lwklc3UHlYHQLwAniZuyemrUEsU0fdQKHdafHg471iPiEwEExECAAwFAj+S
+mrkFgwQkKrAACgkQtamfe9tFLSc5AwCfaA0hJcLIfm1Eek+X2hs01q3f2lMAn04y
+qK1H85hZ+77goaEBj2YEEiYsiEwEExECAAwFAj+TKtsFgwQjmo4ACgkQrSAagZQ6
+Xw5tYQCbBE8yHKPJrUivqIYiVJL8y7voOqAAoJc/HBTNTrRSxyjK7nPmyBYlbY8m
+iEwEExECAAwFAj+UBecFgwQiv4IACgkQOiUrvZ0kS1UvJwCg2Lw5xCu5/pUTEFEr
+cShPUDM3uDIAoNLDQt61O5Wego+ez43N2N8doSqFiEwEExECAAwFAj+VCZoFgwQh
+u88ACgkQTDL5CJndlGiZvgCgiM3ez6j21lBLfJnMIKhGMrMhW/gAn0WLirWDnek/
+f9iDEMVcGMEnwOOciEwEExECAAwFAj+cMmsFgwQakv4ACgkQNgJWU6vgsQY8MQCc
+DE5hjYq9uHuyC7ZnBg47a5BkVdsAoNxLfUY6DeCekwPu3e+3qJsbwib7iEwEExEC
+AAwFAj/UdIUFgwPiUOQACgkQW5ql+IAeqTKRqACfd21FYGEziCv14kLK2bD6ghb8
+0jUAni5XNqaFLg8i+0bg/MSQVf88ZQKziEwEExECAAwFAkDcUg4Fgwl8gtoACgkQ
+zQ+com69o1nN6gCfUXjD5LUESFXa08Px3pbfXidXAuAAoMJ1/H/oFgcer7t+tACN
+2vC8GGYsiEwEExECAAwFAkDkGbAFgwl0uzgACgkQHckf8471INHpVQCfV67np1ke
+Bn20I5JABN5Swm51B+EAnRxMBVbypQcppBhdWnxQadrjhHVqiEwEExECAAwFAkDu
+oKIFgwlqNEYACgkQyA90Wa3Cns2o+wCgjBXhs2mEn9HFs5F8WR4AdTpWp0UAnj/Q
+ls/ZRkcy/RAfAN12XgHOkpyciEwEExECAAwFAkENp5kFgwlLLU8ACgkQK6gmAsLO
+gJlWDQCfe7E7rcFCn9xuL5Rh9MDVVueAJY4AoIL6CdZIlgg9Lt/HG2dDFgwPwbkG
+iEwEExECAAwFAkEYu4wFgwlAGVwACgkQ1W4oD4nfjasGFACgyTFOT3NMOo7DObxu
+lYi+WtYriqUAn1Y740hi4fWeByAn5qoUj8brf24piEwEExECAAwFAkEiMZoFgwk2
+o04ACgkQ+FmQsCSK63O7vwCePBtM5gchuVC3gXAMO7r1A/le76AAoIMM0oq6wuiH
+nT/dUAG858Cw09t0iEwEExECAAwFAkGA8OwFgwjX4/wACgkQsYn2tNI6QchEuQCe
+N/pbbqMBzHuAfWO/g9QfmlmVIW0An2WQXrXoE3xnVp2C85BtML2phOWPiEwEExEC
+AAwFAkGEAf8FgwjU0ukACgkQTjypAm4rQ9yB6ACfYnJx27fjxYsq+5UfQEemQt2V
+O3cAnApE8yUw0B3ZpqCyfRo8JQIb/cJUiEwEExECAAwFAkGEkIoFgwjURF4ACgkQ
+lPH09zrL0iMiigCcCIbdWZPauTvF4Pn724WxH6Qed5EAmwcodEzOE/rElE7fqScR
+mudd8Ur7iEwEExECAAwFAkGEvnwFgwjUFmwACgkQTbPZ7n9FhNqFGgCeNgwyzTJY
+1OABEu/EoBXEUOENxdMAnA6Ul/yxKQihc39VvKQfpdwPGUhRiEwEExECAAwFAkGE
+6B8FgwjT7MkACgkQLMilaHDIrOVJxQCeIJI+GgF1UfUOjkYsjkq260Q72OUAoL0e
+kc/ixpvh4Vs0j1q9Wx0fpQUwiEwEExECAAwFAkGFRwQFgwjTjeQACgkQDecnbV4F
+d/JDbACfW5h+kLB3Y0wokkr/sxy8RFXwp9kAnjMs2yoVbG2ZbkHQV2ZODRF66zuM
+iEwEExECAAwFAkGFVkIFgwjTfqYACgkQqI/9z8xhHubw1wCfWLT8UnjyRQIuxGPP
+WjtGVeezdP4An2GJa9XsZW3yv2eOPAsP93+npZtdiEwEExECAAwFAkGFXLkFgwjT
+eC8ACgkQT6RVPNdrU1mZHgCgq9+wyMgDr96Ism0gY9OxSqMA+88Ani8EIVnKhI6t
+rTzgZLZDrZ5pdzDuiEwEExECAAwFAkGG8eAFgwjR4wgACgkQbHYXjKDtmC3wYACg
+1f05WHi83tg/PMHoBkqlngdDIuIAoK7KZ/to5FrkfNphn6Zo0fozB1n0iEwEExEC
+AAwFAkGHwbsFgwjREy0ACgkQVm02LO4Jd+iS0wCfbUWuTf4DZrjdua5kNdfvk65g
+ojgAoLHPPvTdAlVKacX/rnPD7c36LfuYiEwEExECAAwFAkGH6+oFgwjQ6P4ACgkQ
+TTx8oVVPtMYoQQCfXmZAzk9EjL3qPz50zZgSUO8l3m4An0Xoqn603NHFaHfbBKdt
+WGijlgl5iEwEExECAAwFAkGMPFkFgwjMmI8ACgkQiSG13M0VqIMbDQCfSxC8XNls
+eJ9VQ50GJ66KwSDljmMAn33ApYFWTs8qa/EBIQSgqPlVEBO/iEwEExECAAwFAkGS
+MFkFgwjGpI8ACgkQ/2R3A0yRcenRkgCbB5vYhB0cv0S9X1y54Ci1KmaMDNkAnjeO
+H5rAZQsOQZXoDJPzHNrjYpLciEwEExECAAwFAkGTrb0FgwjFJysACgkQ1mvqN8E/
+x7b7ygCaAyFqMIKTMqQYuQ7hnGpMTx7FPmoAoJtfYoL1pFmVZ5Mhwkv9GFUee+HH
+iEwEExECAAwFAkGZWWUFgwi/e4MACgkQSvFUKpY6VLAkgACgiL8te7hejTXfDXRI
+OAZeVzd76/cAoJbmj0tdYt2QGc3j/4yMnmXrKPC/iEwEExECAAwFAkGc8GEFgwi7
+5IcACgkQV5nlLYTPmpDPdACfbASh9WQ47r2zzcVcjlfbvsz2VvgAn0KtwOo73pm3
+e7aPO/mYlLsP4V9iiEwEExECAAwFAkGqMckFgwiuox8ACgkQdDpVTOTwh9cWbgCf
+aMETpI9v6LZgWuTCzE7DceGsuW8AoIcBSwWGF0XkXpRYcvXfjvAg57+piEwEExEC
+AAwFAkGrJUQFgwitr6QACgkQzop515gBbccEhwCfZhBXUVoNKDbW5mpYGxfKrMfS
+cIgAnj0XoOlYmWWNN1hlKoSQrZSvh4FFiEwEExECAAwFAkG3PJoFgwihmE4ACgkQ
+EfLcQ8rmNEIRiwCgpAzSttJZSiGIffSr4/dixsFUVxAAoIwnyzPthchrUSMR10Av
+PAu8Czm9iEwEExECAAwFAkG4HyoFgwigtb4ACgkQ5Vyxg0d4n7u8mQCfdQ++3anp
+pXuhZp6cQIp1DCCz56AAnRA9B/n9ah1wL+IMjoBhFvgSW7JLiEwEExECAAwFAkG4
+K9cFgwigqREACgkQ4We9YdVB4USYCgCeLsm06Ov/Yoi9lfn4UB0IX3qwBFgAoIPE
+VT2gGxQYua51y70pjVYG6t4eiEwEExECAAwFAkG4Wg0FgwigetsACgkQBMQfNs0k
+hKmYzACfZgUeTlimmFrhBDEV6SsslxvVIGUAoKZR9c4+kfE0+BJ069AUZBkkeRKG
+iEwEExECAAwFAkG5dt4FgwifXgoACgkQPrq84hvwIdMBbgCeJhjUvC1klrCPhWqK
+hyfoKJE+hWYAnitsOnNDnjkKDdKta+mrdL23iPD5iEwEExECAAwFAkHCqnIFgwiW
+KnYACgkQPG1Ayb4vCvZS9ACfROLs6kU6Z93eoFUJl5H1M3U/L3sAoIgAGfCxQ3sA
+DvFiYg11GTGnDzffiEwEExECAAwFAkHq47IFgwht8TYACgkQvdkzt4X+wX/UgACf
+eM81+Z/SliH++ZzOmy5ZR9ljTo8AnA5DGAsPAbdU7j1NN0NXUg53dNvkiEwEExEC
+AAwFAkIIjHoFgwhQSG4ACgkQIqUcje1P4MASOwCeLyBkToAQ+3Bvup4B9POq1xip
+ZNgAnAui9pLAdwaGAZ8w5PFxuS2GoXxEiEwEExECAAwFAkI2qnwFgwgiKmwACgkQ
+1cW3Q8Sn6j4gRACfQWmnt2z+J0tB79JQ50hNEVrYuKEAoNAe1Y5xlLlDTSKJmnwj
+qnN0qaeriFsEExECABsFAjbtSOoFCQzJfIADCwoDAxUDAgMWAgECF4AACgkQXeJJ
+llsDWKK11gCfUgltInjqS+wGOrxfjiGjJsNmVtYAoJLaNHln4KYwLlYOo16kdcB7
+dqUDiF4EExECAB4DCwoDAxUDAgMWAgECF4ACGQEFAkBd2egFCRNri/8ACgkQXeJJ
+llsDCRDs0gCgy5RdOqhFvwUFYWj+dHb4LGt7xi0AoKduFxGMuM/loPShQnjvk/VV
+FesAiIMEExECAEMFAkKVnMMFgwfDOCU2Gmh0dHA6Ly93d3cudmFuaGV1c2Rlbi5j
+b20vcGdwLWtleS1zaWduaW5nLXBvbGljeS5odG1sAAoJEDAZDowfKNiuNUAAnjPH
+ZE2+qGvOkOkRYAmqCFMXw9euAJ4lr8dHPg0y8xeNH8M6rSswZaeHT4kAlQMFEDuB
+4BNSrOsu06QsYQEB6AYD/iRZgJ2U+hTGt879PPwLW1y7dQFbjMHqbyyM7eml9ZbC
++m+jqNvMsniFCR5qvStMgbXuUZGGpd41mL5+vqF0wwM00nBQe+rr5grY2oMPCSEJ
+RNtHEamOsbc4GP59nrwbUhA7MKPSrPCvh9bvh+XQ7MSlar9eVBkqvnYmKdaKI1io
+iKIEEwECAAwFAj+WOcoFgwQgi58ACgkQ4WdUde/jR61yvQQAghvUxGu+fWc6RUEZ
+nrQ8n69FOPRq+od8fiYNF5iSWfBon3hmT8IQi3vRFbqCcKsd7fn+rl2zZjFU5f7S
+uzaF8+hODuH7B/jK+bW/dnhpgDRZyvmZMtLpeAOPh3IkrGEeknV1LeTZcRJnbGTZ
+iSu3LS8E/AVuSXmmj+2tXXBzSFKJARUDBRA3Q97TUoBXRHZTQB0BAchxB/9iTH4O
+9RoIshiUysQgMpncn9o9snx+sCO/NiSuAVleHNBP1d/Kvo6SGLJYoVfbfLPMNVyu
+Z4jGi8JQjsgVjpAz93nIevhjz7Xwd3JpS9oUvPej1mdWnUB4AnkKQfN+5+eso9Gk
+7OC9cWq20lU9tpVMDIlOj8GHR9kYfJ4fBbzdCGbG5Z9pzo+96gDUMzX5ZrHlChdV
+4eHJPMi60XeK+mpocQFQH3GBUSTeM3Sy93JoYJLdAA2ZcwMF5xI8HRx8u0rwCZNX
+nDTgPaRbDiW7587n3dWn7Pwmxu/CPtCQ4YO+WdjcKvHio7CqojtM8/7xuclkp3Wb
+1pE1s9w929ca9SHdiQEVAwUQOcqYVhpPhku+30gxAQGDOwgAjoKCGePm8h7g2edN
+YGosrPTMcZ8PNCMETXMZozgCbEd5oWvotRaZnta2CZyj/u5gOrE7z8XR2PNttenu
+HVDii5y0KwaaTR12/wrp9VJ61wLy/4zncnx/C9Nwg/Mu9Y2bMS8EuL16yWNrm6Yx
+prWsaaYy7G251NI7cseXcVnuAowzm6k8ovEwCAqVl4s7EUibNQQCuDgH4idUdr41
+0fDnpUalpvsGYf1wqhs93RbjU7pNEaLmnlz8zESHYaev+JpMVAfnw/jjWp97xyCu
+al75xrc/aj93anrobvU/sSKCDbteDzW9xYyjqZGu2npn+rBR4iUHZf9j/glwT0PV
+nH/jf4kBHAQTAQIABgUCQQm8qwAKCRAz/XFX/s5mTm10B/wK4tRztfYKQVVYYl3r
+duOE1rEntFEP3yV0H5qkIlPrXNi3j2hgOiUEBNDgFpuJ9rSz7IZ3GcIGlP2IlT9O
+icGwpabAtoB81S8rJKkzI+bBLCK2J1xJslIdjk2FO1u+KjLu1gu3RZYaYPc3bETX
+XmtECI2h5hNazvDw+QS1JTIkqr/vhl3TY9JAxiLwNBWn30phh8kRzvRJh1EI584v
+RVb7nTSd6PYpnpoEskJbXyAc+BV2QLPk95oj52MweGADFNv3uuyUq2WH9H1KP3Mn
+wNReTy++woQfLzobHHMyBr4ccC4uKlqOmBcZ+kkmEjxrJTRALelu2quUhpR7a0tc
+qFxSiQGiBBMBAgAMBQJBhRYSBYMI077WAAoJENJkZhEZk6qtGSkL/0qaizY3Ix+h
+wNj+UAN8sGhPLYNGSnPCgLyLMceByJP7fpF96Try6wIYsVAsXdltuC6wEsDNjIc7
+4FCduAc0HfhnJ5Yu3ciJ/DvR//vlbnE1pp+RysVf7V3CVNxLgOdfSBd76tgktcfb
+sh+R+qKR4JtWjojkET+XAOrCDYNj8P3nNxHzzYO9UHSBsNzrm46RBFNxtETh0nDx
+mgzfu6i2vpSwoRMbi/39VGlHJNYoA7itVZfZx8FebJA9KcirRDGtWcofsUhWWfnQ
+A2K+ahPIx+N0xVzuxjKZoXbkSC+LFwzaoYFUE6OcFsBkUY40QhCNKIWUX3kSZVUW
+ro6WuwMltQAkXG+03awShgpciqzZ3o+Oro8zmMoESJl9c5oUWuIfJwHpvrw7UrAr
+cZLdf6bcOjHlJqGv2XSRJIxeiUtLghPrZF8pqN7j58yL94QC7PsQLsRkcgGLp9aS
+v87O7XzGU9nlyOS7wR56pQPClpTO8tm6ckquKh7T5jIqnszVh2t4yYkCIgQQAQIA
+DAUCQcIpbgWDCJaregAKCRCq4+bOZqFEaCX4D/4kRmZ8eDsYuKrw8OS0yUK3PI9k
+4wyBGxUQmuJKgXFRAbCkUpATHvRh6ZXquWFSVbgkay3cfbGLfZWiT7TAz+k3eiVS
+tm/Mk88pqlTfu2pUq0/5bpqJF9zt/L/i2aY/030A4l5gsEccCsdy5F1FXQPbYGFT
+vjtPJx8hMstAG761HhaOib/A2O8jd7f8elZMGSTubtsFJ1/K2Po6sy/3ylJlfo/F
+zgvqTJYju4IPsIrq44D3k4kQDMahU2W4k6crQncV7w2wqC0zxmuZIuCio1wyvYG3
+ey/pjNfrOemSuA/gmmN38uBJM+vEQIPnUdJslc9H2eH4rVKFEQZuqUk+HUdwVQhJ
+KfwaMmSiGj4PeXphtFc6a3lqfhsiN+7lOnzk0dRMCxZEMgLjIC6pGquJ610zsYGR
+b/viXDUliNBJod7CeOHRH653/00U9aaqh1Km2He+BWmtZt+Kzw10YUm8oox0/E6X
+lE4EL8p/LP1uv8vbaGzTVxX5NIr9gVhrnOVDHHXtlFZxatg7ZLuSNkK6oiqsR2yn
+xk2ysmTQEzyi20UFxnH8ICsUyRyEDbJlbewQPtJRnknpV6QhsUA6bVytyYYA3RkJ
+qSDojEgAgz5LL+Zhm1Ttz9ccwxJY6/ZevzlScNrFxPnzmaotfWPgFis0yF+PLZGT
+uf/gssj8yYMAWhhtBJkBogQ3OvfdEQQAw/+RYsI0gH0jpxd1Y6dsbupdOX+dmT/U
+5Hha81a/nTrEP/vOIjx83r26zigtSXBDr+zrMTh18Xu2CYLOogsLcE6ayhdzMes6
+OSd57S7WmoWufFEQOB1+28aaLFyzI0XW6MpnCPYJVS3mVrMr48My2jWL0jitpZMs
+cjGy5i4afSsAoIwpCTjZRgFmv7Gflb+BGVUuEnOlBADBZ0X//+VHI1zZTApL8VhG
+n7bt2EB/u5INdQ2wc29m1zqQB8T3rU5//5csVlTvW6i2w4gDHIAlIRNxvvdPNIPX
+t/jYIXQwM//UDAc5IN0DEOXT5rMklel/mw7yVYfejiY5W4SxYhiGW3D4ybwKYQ7l
+atQBBHYmGWLPE/YAjxdKFgP+LqWWdZ5KV6clKp43AkUk73hDMvGnl8Z/Vv2M+waj
+66/MbJJdBgUW/Pu2NJGasxVSK8q36EXj9pNB0K8FVrx6u2eANEdrWj9MO/cchQ3s
+C3I3et1N568qqnXOu/7mV1yVHJfS8sQc2tptMTneb7usmXAF5+OziUOcS7ukwSEX
+nJy0Nk1hcmN1cyBCcmlua21hbm4gPE1hcmN1cy5Ccmlua21hbm5AcnVoci11bmkt
+Ym9jaHVtLmRlPohgBBMRAgAYAwsKAwMVAwIDFgIBAheABQI/gWcwAhkBABIHZUdQ
+RwABAQkQwKTLuYeXhWkpeQCdGJrYN/uT05T+grdci+zzNebybfYAmgK2OjM0TLkD
+SZeSjVgKEx6tG7wltBBNYXJjdXMgQnJpbmttYW5uiFUEExECABUFAjc6990DCwoD
+AxUDAgMWAgECF4AACgkQwKTLuYeXhWlAywCdGYJpwUWVH0GGNZ39SAt5NzOerMcA
+n2Nfqz0v/sdr0mMPNbSziGNUevyBtCVNYXJjdXMgQnJpbmttYW5uIDxicmlua21k
+QGRlYmlhbi5vcmc+iF0EExECABUFAjc6+dkDCwoDAxUDAgMWAgECF4AAEgkQwKTL
+uYeXhWkHZUdQRwABAbX/AJ47R66dq4o3vobMe3LqOHhXEdWeUACfTvV0bshBX3MI
+bIY53lhOnqkNvVS0IE1hcmN1cyBCcmlua21hbm4gPG1iQGcxMGNvZGUuZGU+iF8E
+ExECABcFAjxw+b0FCwcKAwQDFQMCAxYCAQIXgAASCRDApMu5h5eFaQdlR1BHAAEB
+jmYAni0grvGxgcgSuXK3vzLErIkfFK+jAJ9OfvRc1QinOAydyujUX5roXM/opLQh
+TWFyY3VzIEJyaW5rbWFubiA8bWJAZzEwY29kZS5jb20+iGYEExECAB4FAjx7ebMC
+GwMGCwcKAwQCAxUDAgMWAgECHgECF4AAEgkQwKTLuYeXhWkHZUdQRwABAZRBAJ4o
+xvVUX6skfJud8oKoYvy0l/ArGQCePXVckzHYxtiuH7NsDTesxWN2Jx25Ag0ENzr5
+dhAIAKcsu8SB0lBBOxYbd/oX0mirpH6wmQCE9p+GAsUA84pj9xE+beb7hWlBLGeD
+mfDWLoel7AsD7vVCciK7u/3I5XDPWE57TIJht0F4pfQ58p90EK2qqIxrVkmj8L51
+ohy0rot2VuklO/+2SlYj7a+wApfwPU9hkBCKmoQKbMNbkeX1C9O6cAOwa3bLyhd+
+5ZwVKtbsFXO08dkEmR0g7i0+jOzKVZdTAzE2uLg/3m58Uy9g3UMxhg4tbWZrS0Hs
+cWdZXoAjo/cw3nC6utaZSy582gxpGXf4D7DjmUOW9AwkDbPZFuHCyYRrpO/Q+4kQ
+vKTkDIi6m3w1P9eGm7eq7ds3Wu8AAwUH/j8DBqWtXC2m1G+9nsj9bUuYtC5OMKyi
+9MRiwbrCdlkR/q7hRgpvojxiui6M69s5raBIDa+3k2mAHVHqfR+7QC+n4KTXIXHO
+rN4GHD6jlEDwnVrylqawMFAgCRutD7ipTPffJ9G5cHqPLuBJo57P49uR+DZ+lpng
+qr4XTRMW9k95RkM5I7GnUU+13Tj54AzThi4se1leKYQjWBYQLbi//MOFZ8EpPeAd
+P4nNCULHRNj0wix4U7hwEBWKHndFSrQKypwotIsTnoyfme2JdArcr532tD8+3miV
+NHqd2BiRYInQRCGsVaLKzEs79sxMreBpv2qp+LCLWZ6V4QMaInonLdmITgQYEQIA
+BgUCNzr5dgASCRDApMu5h5eFaQdlR1BHAAEBnD0Anif1Vuv+XbRwwHOnUyvytsWJ
+WeMYAJ9+8bxaWB4D8NDgqzYSzcgpCWdF1biOBERAD/ABBAClEc+ggo3tKaaLNJSQ
+E+C6sUQjjqXQnFgOengMBFio5Ur7+si8DK9iKolgk6HuIYFH6MeCmFvURicKoclY
+MVGKGx8mc3iq7awBIrU4j74Rj5XiXjeMui/jHggH90bf/ouHNcTTsHX5kziweTdq
+WVYo7Agjdh5ckv6cYqlg8/+DSQAg/KqjY4hJBBgRAgAJBQJEQA/wAhsgAAoJEMCk
+y7mHl4VpGNgAn2cLCf57hXUddxvbPBgtWX4WyPxDAJ9fg38QhJrqfK9+z+zL2pZ7
+GqGrdIhGBBARAgAGBQI3eHY0AAoJEHEtyVg9xXb3TzMAnR0w/cs3O5FAaFw+aVSD
+k9uUJP6yAJ9loILfam+WveF+MrGnusXsDvf93YhGBBARAgAGBQI3eRy6AAoJEDdA
+fgkueqrNIqgAniqrGi+nLmBPc/iORHs3j8yMnN2oAJ9xp5U/RAYg2iPtlROY0EXk
+pvqYL4hGBBARAgAGBQI3jxN5AAoJEKnmZ/8mzHhTgkgAoNlFm5PawxyMGlXB0yNN
+tWu7iGuHAJ9gH6O2TKuIj7fYloIoBLke1F3uXIhGBBARAgAGBQI7QP/MAAoJEHkW
+Lzb39qrZZMgAn04SZfDYEEO0H8+5/pkG3Z1J68AbAJ9hyy44uuT9q+5pvcEllbkl
+yEYtaIhGBBARAgAGBQI7QQXvAAoJEDv2CcaLr829DjAAoNQfXgbkxwImu4O3D53P
+p6Yw+dn9AKCoXLfEm6zS+k3dDRiulTpJ94NMSIhGBBARAgAGBQI7SG89AAoJEOd1
+4yTbQbOHoFoAoJxye0ZLZnOzejGbaAjddDnFFrRFAJ9JiefttTviGzVcZNYi6x9m
+IU3uKYhGBBARAgAGBQI7SzZQAAoJEA6nVrUUSEP1/PAAn1fjkC9n6gLfWZFiD9h2
+5rtlx8NqAJ9+GN3xGvYw5oJkrkK6E/hyJKcI+YhGBBARAgAGBQI7S1hbAAoJECtK
+7KmxIjWtboYAniB0KO+NBf7tH6jfR4atZfB9oJEYAKDUsALj1UN3GoCKQVxBPYWy
+nYA9w4hGBBARAgAGBQI7UsBUAAoJEPHSzMhJehdtJRwAn1ZW50Mgvhp5Eo6mt+rM
+Mgwy2cJ5AJsEuWt5hQhJBhn704ZjghvziiAfoIhGBBARAgAGBQI7Yxq8AAoJEI8f
+38m84JQ2t9wAnR9xQ46nFf/hQzZZCLVWNvtKuxN3AJ0bCgAa4eqwqB5hg/yuNPEz
+FbwhqIhGBBARAgAGBQI8bmBGAAoJEIeVOB4bvrhK6WMAn3ZhE2bM5T2GaF/Fh8Tp
+EIVVQ3FKAJ0Q9Uwjr/Epn/57Yit+lmbMfnVijIhGBBARAgAGBQI8cRerAAoJEJss
+h2hy8fIND28An1Z5Hls+Jskp6DbiIfGErYHYcjaPAKCW1DtpYhFK2uV4Pza37KWi
+lvx4cYhGBBARAgAGBQI8cUClAAoJEDoapjWQmlQG7xkAn0bSTKB3BHl66795wtmR
+doFKZ614AJ42rgO2IJG5XRh/+/jrcGjztvsBSYhGBBARAgAGBQI8dK6yAAoJENGj
+7q+v0QrPm3wAoIe0Co9vlKf6gwjz4Yky9BiXvYyCAJ9m923YzjngFMGB47gqKmS3
+U4IIYohGBBARAgAGBQI8e3KdAAoJEG74r8KGV0rKYiwAniujSnXrQZ2eNGC+mXTS
+oLBEWmzjAJ0Zk27daFO6GUgfwM92bu6XW3ZeT4hGBBARAgAGBQI8fUKyAAoJECwY
+oCq0xfN/PrQAniShB8M6BMHsw3rOuIvxOc3XbAv5AKCYx7ubF1eWysuTN7GyrUZB
+44Z8QIhGBBARAgAGBQI8jL2vAAoJEIW5kHXCkQ5BtCIAoInMgQPBUeS3wW2kq6/H
+Cv5f+S/iAKCrl00OZZomz14dgloHRsz8169iKIhGBBARAgAGBQI9Bsd9AAoJEIy7
+QVMRS68RLqIAniJuMJxQyTaBG1jqO1WN78OXrBMNAJ95cE8pmb0CEMax3jmm3qwJ
+ReaZj4hGBBARAgAGBQI9KMbSAAoJEHw7eXCIx8H3MKoAnj8ejnMUKjC5koe6wJtc
+9LVJT0RpAKCIzW4B7a9CLQ5fz8hPQRvsWRP/o4hGBBARAgAGBQI9KMbdAAoJECdl
+aNdcYVOt6iUAoJuvqfjsSHKGO49j2NrKZMJ67CRdAJ0fnfurvWJ3uQIqruDSQZWH
+p8KYu4hGBBARAgAGBQI9MZAnAAoJEBjNJaUi84rziG0Anj2uvYByl0PC5AdxzFLk
+XXp5dk8pAJ49YzZVnhkMBMPAO0Sm/QI63vBvs4hGBBARAgAGBQI9MuXOAAoJEFCP
+02O8k2g5ZSMAoN4H5EETb1cMQs17fGuL1joMtVLuAJ45UH/ZE+AZLSWAdfe9dDFO
+ZQnkAIhGBBARAgAGBQI9Noz9AAoJEJEIIZ7c3okKP0MAn0EOq7NUy8WKGo1KV/EZ
+n5xqKUiUAJwLjZ+oDrBSqK0DUiyLjjOEIU9VmIhGBBARAgAGBQI9PHAWAAoJEIRj
+NbghwGWY11AAoInXmR/k8Ne9PdwnYSFOE5E4qmmRAJsG+HisIophbRek8Gv/+JJU
+Kua4fohGBBARAgAGBQI9T4h+AAoJEFSPWeucFDVdf0UAniptwdlWlYCFFfKW/pnz
+Dd8FHGWyAKCHM7EKGExVSBggS85+fw4SfBooJohGBBARAgAGBQI9UvZFAAoJEJUz
+dHX4v2Q6fr8An1koj58GE8xW9THsD+MWOUQ7mCC8AJ0ZmZKZ2SLfkPiabIMT2SzF
+w1pivohGBBARAgAGBQI9tOMPAAoJEFKS90Pr1ZNrDF8AoJSdILy4qjGGbQlliBCq
+pWE2shTdAJ0bMLGPV22bdiCAb+ClRTUf+N30zYhGBBARAgAGBQI9vAmLAAoJEKjd
+nYDckq4wdJ0An2EyKrDlGADPuTxalNV9Jl3lk3LzAJ99srXCSn1Q/yiZ4QRN09bG
++E3QMohGBBARAgAGBQI9vJT9AAoJEDbPukR4kWuEUlgAn38GC0wC5e52psalECLX
+tbhSe5TPAJ94pkrDtmSHfiDzc4wcTHZyTkBx4IhGBBARAgAGBQI9yzuyAAoJEAmU
+kfeRsNO3mSAAnAhDCThzCLAeYLmJuaqEdgUsXuBMAJ9CqoF4TxYaGjLCrvi1BNwm
+k1WsS4hGBBARAgAGBQI+MbfNAAoJEO7w2zSzISYDinoAn0oHAHeQNngKkgOzsYWa
+0yylqnLZAJ0Uw/vXC85jTknV0mnQVdq2gPjK6YhGBBARAgAGBQI+SvTqAAoJEJh2
+iWGe0QG/ozEAoMCIqXaTTFCIxKnv4F+EbB80OdkSAJ97SDPfLqiJzAMXG6lvjHDa
+rw3XdIhGBBARAgAGBQI/UOXyAAoJEJFazEWo9ML9ZBMAn35HFpq2xA/wWHM7Xu4S
+roXw4R4fAJ4lFCPx04BnsgssRiaE031lZQuv0YhGBBARAgAGBQJBfAG5AAoJEBhZ
+0B9ne6HsqnEAn3HyxNjfzzEVjzLoy0XZ+ZQ5hP9/AJoDLUzLUkc2fLXnjVzBlm8g
+ZkAcQ4hGBBARAgAGBQJBfBJgAAoJEIHC9+viE7aSrCgAn2EuRkEC/AiVvXodTQWk
+S5YS3DclAJ0ZkaSD/AB1dfba4ew+eJq1ZhFH1ohGBBARAgAGBQJBfBK4AAoJEGtw
+7Nldw/RzcSoAnRvnV5SsgKsmKVogURBP10GMeWz/AJ44hk9u/COHiSetWHPT6PIH
+72vUeohGBBARAgAGBQJCKNAAAAoJELZr9ntxA8Xa4A8AoLOrStPezgIdnhfSDc53
+3a6f3krSAJ9zJFv7eYIDceXsrBNAVGbKXiEA9IhGBBARAgAGBQJCXCq4AAoJECqL
+xADARsA5ez0AnjIC2fOR4A4laWtCc8DeaeCv+luuAKDhzoNo0SdivuqPXvMYZTZ7
+LFixiIhGBBARAgAGBQJEEXJjAAoJEBJ2JBfPBQjsGUYAnArkZVd+f8AsuxVJJ2/Z
+6HmWOEGpAKCj6YVSBxQBpyoX3dl5TH98CHnbkohGBBIRAgAGBQI9J19CAAoJEAsP
+KSnfge6DXRsAoIDfyLevFYw2Nyfp4OZlB9IUZH5tAJ9bSlzv7sZ7vBiiVgYbYddy
+6U6+hIhGBBIRAgAGBQI/GXHjAAoJEDMLA4tsY3Rt3AIAoLCm358o91ksXqe9TEgy
+qEouaO+YAJoC7eKWbnMe+zOncqmkIe92+3RIeohGBBIRAgAGBQJBi+CkAAoJENvD
+6/wz4/5WsSQAni0OEioU1TqooxTW2d6FocGs+eZ+AJ9byIvaBCapruL0gLAxejwd
+FIrU+ohGBBMRAgAGBQI9BOe4AAoJEHFe1qB+e4rJCI4Ani/RIDLie4DJBD5vcOQl
+XkQ/B0boAJ9Gs8lCM5RJ5Md1WIlPvaLLff6YpYhGBBMRAgAGBQI9NJl7AAoJEDm2
+Yqiv44FpnHcAn2RrMkIIuRwWS+olbhI29rqLOYQcAJ96OTzBv9HnLQk97MgrIk0u
+MTEoC4hGBBMRAgAGBQI9tWUKAAoJEMuWmJRMxwhdbz8An0jDzVqVBr3R8Paca3YG
+rkg/B57VAJ42uzjJS7+2gWdvSCIPbfNqyzJUM4hGBBMRAgAGBQI9tkNMAAoJELLT
+fwi1TAkwUw8An0XpAx/1YVEIAl/bBUh8vQNVfXQ+AJ9ZqEEth2Qm/btpLG21+9PN
+CQimwohGBBMRAgAGBQI9vG9/AAoJEC4s9nt3lqYLkZwAoKliHAv9tlFYFquFB6Uo
+NyJYRRVeAJ9/askE+TClHgOeX/tAutVWTeVgyohGBBMRAgAGBQI9vczLAAoJECn4
+5GVniJZfCtUAn3fwEjTyMPsSkMACHZlRwTKJTn+MAJ9RJGFw+H4SOfcFyzQl26OQ
+xUDla4hGBBMRAgAGBQI9zVX8AAoJEO9n+8dii45pisgAoIlvGenK8VWdjEHdJ9Iq
+zbsVQybaAJ9fR0pBQQF/VSq0iLz0UNfitcs4F4hGBBMRAgAGBQI+SY57AAoJEN56
+r26UwJx/9lYAoOVoRTgMTEI2mPFriutraU32X23OAJ9JwE+eS9nTIOmicFcKL3Nu
+tCQTUIhGBBMRAgAGBQI/hFB8AAoJEMUUr45LpAHDePsAoNyxJbmjCjwi4sPKFF3B
+0Mf2gn2xAKCtEVTTWYUILahVdnjru7PmlHlCIohGBBMRAgAGBQJBcnkMAAoJEE97
+8oSv+wwXC/8AnigNNsG2wTGZSPyaEwk2hYwNxzvhAJ49XlqwWx0yp3NRxzR3R7lo
+cjcozYhGBBMRAgAGBQJCM5T6AAoJEOSLZbVLOU9+BAEAoJmB1Ghp0atCi86bnLcr
+vxLBVJQOAJ47shbjSakiqp7V89s45voH0JZUdYhGBBMRAgAGBQJEEK6PAAoJEL7C
+TATaqJiSTCIAoIE+Fx+fKPJYDhl2YoDdFKyJub3OAJ9IGj6D2KN4UMhhYhBMXEMR
+7pAFmIhdBBMRAgAVBQI3OvnBAwsKAwMVAwIDFgIBAheAABIJEMCky7mHl4VpB2VH
+UEcAAQG3FQCfZy6nZ6K2JJ3p8jnNjP+KnCgBf6IAn3WumBB9RjfvYCPL7EkOWhGR
+J21NiQCVAwUQOHtkh0wn7WU2580JAQHcGQQAij9e1yHjYezeVWVhWhjg07qEfc/V
+5PVQ5u5KW7zW0ztS8RtTIaaJaI8lLnJMV6gj5cx991GzaL4+nD0Hn+XpDacNGnO6
+vTlel4xrvcRJetC5dD6kd/vvb+mKiVwHbK+bF4hiBzbsreJ2T0HUEVKoSz1Wpbhr
+EO2h5N3fPdHKDh6JASIEEAECAAwFAkKczAUFAwASdQAACgkQlxC4m8pXrXzJaQf+
+Nn46e4Gu7Jsj0iBOECOFTHCYwvCtBXYSiAJ2qNbVQ4G9zHCW25nMcmnCxoT5LISX
+buvTpw5wSvDOlIsJtDvAfVK48SXXqoMJ5S/0oj6nJKJllMCGHEIhjCHyvWWVk79Z
+pit5glaUBfG/mYqs07fm6KuYQ8Zt6kB0Sl8igdE/fozRkoUgeIjNUbVqLvr0JXz1
+TCRjQmlwzqc0Pgi/Hb5dbVBh6v3hXK0ELN6jvaNenxz2yDGIgJsI7g2etofHLGQj
+g/pKkAnoHHs7/EeteY94Owz/5SwM7U3dfQ2rKq0Ff+U1UNpnnyQOjMc/xSODFA5R
+q2vB0HeoGmoxBXQjvB+Pi4kCHAQQAQIABgUCQXwTXwAKCRCq4+bOZqFEaJ8SEACo
+zWbFSR5Va3uz7ycxX8Ca6CT0RUyPFXgGfOH1TbvSKsW1Mfbqv/TL1RNI1yHZtAd5
+i8NGLCBsr/bJDZ/HYNdvGjWGKjklcFFjMDiGF/Q4c3CYSLl3JbFyovIX2Vd2FWxf
+PoLFdBRQL8AJkcZSXgkSFUPaqkZ2HUGDbzoCM9H7u9tScmDYjhBnhlWQuFoy5wjp
+baxAidZtcG4yccXfQtuJZKvyPwEp0TFUb1w2hKW7akS0i+wHcZpXlS2qqs2z/Bsy
+0YqNYR2K6qBmbbVkuWiBGYatDyuSBD0XyoE1hcuFX92qt6KfMYgV5sjcwiGE/di7
+Bw1KbZfW4UKhvlJMYtCLncfkR/6qPNA2W4xAh2QDklSeR+W0gsTe2H817y9ud7+7
+xOnMC0u+QGFqXLzRA2O77oMfNFvi+3BvxS9kI+8PBP/aU/e7iGYGnOguvsZqv8NL
+IbEX37AfK03w7G+WdhW8WuseXIjQzshpsE4JNY0vRyfaKCsaVjqkS4Nm3fXsC3KL
+72FzZBLAhZ+650xce11DwshqffGPYrz9WDRC545AdTp2dzw3/XnH/GMJyjZs9mSB
+zUsJ4MkLo+zO0tAguNnL2Olr1H34fmAJkgDT1C1ieLBmRlSiujyfd/xNEnugKAzJ
+4qworARVplLRhhYtuTD+txWkxDUmOnu26DMnulpQSriOBERAEBQBBADTb0UqApeh
+0QVKA86Vdw0FcbCj7//sD2EtgMYWFm6pQx/9j/7om2gMkaEFaJ/qylQci0P35Vdj
+lBTuwt7a4bnLHqdcMMImfI1RiziGrGnU4dXupizQ/jkgZZs+De9JKM3G0u0Tl20+
+Nuqz/rIyDkhxRqu3uRD7CkzYb6sG3EnJkQAgwuBLPYhJBBgRAgAJBQJEQBAUAhsC
+AAoJEMCky7mHl4Vp/3EAn3lLjZHnh5J8vDPX0EfXTiaCxcRwAJ9mXDiOfaSXENw+
+uZGLREwJhEeZxIjnBBgRAgAJAhsCBQJGlKAIAKidIAQZAQIABgUCRpSgAQAKCRD7
+iGK9/NKik3GsA/9kPscavUwGxHQuxeY8DpMF/kYBxY2cupj/JCEymaxZpA5ErBt0
+k3y0P2mNPy1FLmAO8zmr8M7/ehrwinMzYZuNY6o7pc7ldxtRsLnTcM4pRfM/9LKq
+hXz4vFx5W5Qulb92uUnt4qBmepSikFAIajfEDGRjl91b37Sa8/nfkXWZxAkQwKTL
+uYeXhWkzwgCfQaaSyjLGy3WIyGuMVzLdlmuaHtQAn21yptlhrgcvevUDTI6gLyom
+emvvuI4EREAQLgEEANcDmpVzzww3xczTgL8ekK+Tr9hiwvEhtLkUtPtCQVxEVri7
+HvF0U78T5ep59Ex9I8lfGjBmUtJ1T1cFXRnbYys/+HMO8DEbUdoiRTLet3+mR/ek
+2own7avqokaCSO1xr3n6Km02drp7H9HyUlOC+QKhP6FvtdhIpd4Hi7WQyJUdACD1
+VIwTiEkEGBECAAkFAkRAEC4CGwwACgkQwKTLuYeXhWmi1wCeIyRDSxYXMi2CmZYR
+SkmOdAtG+tkAn0KyfLD/DbjXYGLUqIAU3fvZ88UWmQGiBDpU6CcRBADCT/tGpBu0
+EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5X
+DFcoWF24bzsUmHXsbDSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj
+6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dJecD
+/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGd
+GroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00FNZksx7dijD89PbIULDCtUpps
+2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRT
+Lk0sfiWEdcBM/5GpNswMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kx
+ipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQq/31ae
+v3HDy20YayxAE94BWIsKkhaMyohhBB8RAgAhBQI6VPBbAgcAFwyAET/HMgQdI+nq
+Zt21AJydvCHfdNxhAAoJEMdGNjmy13leV7gAoKHV2q0XEP8GJkyp0/V5lgbwBmBM
+AJ9TtVfw2khoaZ3LNV2tINSjj0Alp7QiUGhpbGlwIFIuIFppbW1lcm1hbm4gPHBy
+ekBtaXQuZWR1PohdBBARAgAVBQI6VOgnBQsJCAcDAhkBBRsDAAAAABIJEMdGNjmy
+13leB2VHUEcAAQFWUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVnm61utdRsdLr
+2e6QnV5Z0yjjtCJQaGlsaXAgUi4gWmltbWVybWFubiA8cHJ6QGFjbS5vcmc+iE4E
+EBECAAYFAjpU6LcAEgkQx0Y2ObLXeV4HZUdQRwABARPJAKDmKL2Aeo6OWwcZKyqS
+WLD4drQxfgCguJ7k7XEuQr+tL0ndoin0RSQTkCHRzH//AAANOgEQAAEBAAAAAAAA
+AAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQ
+Dg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/
+2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7
+Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACQAHgDASIAAhEBAxEB/8QAHwAAAQUB
+AQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQID
+AAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0
+NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKT
+lJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
+5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL
+/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHB
+CSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpj
+ZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
+uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIR
+AxEAPwDqKXFKDSEgDJOBXSeeHaoJrqKIfMwqleanyUi/Osi4udqNLM+EUZJNNIlv
+sakuqjnYazbzxKlopLOHYfwqa5S/8QvOxjtyY1z17msqWZpGAzuz1wP61LmuhrGk
+3udHceO9RL4gSNB6EbjVU+Ndd3YEir9UFc+nLYC49jWhbt5UW0RIGbpyKzuzbliu
+huWfjnUw377ypQv3vk2/rXVaV4o07VFCiUQzd43P8j3rzVpnLESIgHoopZJIYIxP
+Dg89Vb7tNSZLppnsIIYAggj1FKa4XQ/G7r5dvexI0R4WVTgj6jpXbxyrNGskZ3Iw
+yCD1FWncxaa3F24oNLRTJIyKKecUUwHjrWbql2Y/3KHk9a084HPauZu7gTXLseme
+KEgkyLmuS8TaqXmNlG3yofnweprp7qdba1lnbpGhavPH3yN5rH55DuJNKo9LF0Y3
+d2T2sTt+8dflPQYzk1twaJK8AeVCxfkKOMVBo1qJLmJSPkHzH3ru4bRJlXjFc7Z2
+JXOBudBlIyEYAevaq8FkLRsld5J69xXpDaNC5PByffAqlJ4b8wkFiPTjpSci/ZnA
+3cXDbmcsRkEmoILGWYkpu9zXfjwkzgGUqVHtWhbaFbWyjEa7vYUlIfszy+e1uLEh
+njfY3Xjiu28EeJZJ3XSpxuVUzFJ3Hsa0dU02IwMCgI78VxEcB0nxAnlOUDfPGfQ1
+pF6mNSN0eu0lQ2c4ubOKYfxoGqatjjG0UtFMQTsFgdj2U1zGB2OfwroNTcrZPjvx
+XP5pxJkZniF9miz5/iwv61xA+aUDOR3x3rq/F0hWwhjH8cmT+ArmIIvNmSJeD61l
+U3OqivdOn0KNTPuU5xxgdBXZ2TAIOe1YGj2ItLYYGTitSK7ghchpBk9hWD1OqKsb
+Ccke1WkdcYIFUYZo3I2uDn0q2FIIx3pGy1JHAJAAHNVpCu4kcCpFJaZgOiioJm2v
+t6E9KQzPvZAUIHNcL4jjC3Fq/cOR+FdtdHnHrXH+JSjMmexP8qqLMah1vgq4kuPD
+NuZc5jLRgnuAeK3s+lYng2PZ4YtAeSdx5/3jW5XUtjzpbsaTRSniimSUdZmCwrF3
+bmsWtDWj/pKD/ZrNzVLYh7lTVbCG8tQ1wGKKTgoeR71yGmWNzPdpLb/NsfOG4yK7
+2+XfoU20Y8uJmJPucf41geG38wSMRwpCiuVu8nc9JRUYRSNoXqiHywjJOy/LH1J9
+hWcraeFBup0jnI3FVXcfyrYvoEmsSdoLqQQ2ORyKVdDRcmNEORz2P51m20aRjcy5
+L0mKIWmpWpVc8mHa2M8c960NP1q9hjYSSJMy85wentg/zph0OSCJ47UCNJAA4JBz
++lVv7NayUlV3DG04bGc1Dl2NIxstTootVaMFlaEmY4UEkZ9hVPUtZS2lU3Aj3DjC
+PnH8qp60vkWVrDHkMoULjocVizRXDxB41aSbJLh1BUjtjvmmmEtDVk8QWLLuD89g
+3Ga5bxDceY0Ei5AJY4PrV9mit40juNPXbIPneNSNp+hrLvdO86SGCJsB5Pl3N68Y
+FXFmMr9T0vw2mzw7YjrmEH8+a06itYkhto4kXasaBQPoKkNdR57EPSig0UyTH1sE
+XSHsVrNzW7q1uZoBIvVKwqtbEvcfefPoN1GpADR4ye3P/wBesDQEaJHU93PFbNzP
+5em3K7S25OlZumxFGXBGc5I9zya5ZRs2ehCfMkdJbqs0LRN91hg1pQQtDCBKPMI4
+3L396yLeTax7VdGrJbqRlWfsDWLZ1xWhPcXFvEhZoZRj8vzqghM9woMe1B8yoe3u
+feo5pDcobiW4Tcpyq54H1qGDW0aXeFUhOCVOaSa6ltE2twubZZlHzQsGA9aW1WC6
+gVwVdT09foaj1PXbaeLy1CqzcbV706ygiZQs4aFnGUkjOD9D60SaYK4XenW5iJ2c
+/WucVJX1qzEfOJlUH6cmupeJY1w11Iw9OP8ACsSNgNegRFyC/AA6Zq6aVznr6RO3
+4Hako5PUYorrPMENFIaKACQZiYY6iuWcFZCp7Gur61z+qQ+TclscNzTiTIoyLvjZ
+emQRVLTTifyygUr156VezmsbUDLY3YlDYSQ8H0qaqujWhK0jo2woDk8DrXOs8l9e
+TeQHI3EgjkYqpca4fLMcbEMoxyeM07RL42t+vmk7W6iuJxaPRTTdh10bpVMDu0eT
+yDnp9aq2drdfaFaNhgckKwBxXaXKwtH52wEDuRWNJqVgGKPbINo5YDrSTNuWK3Zg
+38N48m9iS2SQA2cYq9aapdJCIblnjKn5WHar32GzuxvjTAPYHFJq7W1qkEPAbpgU
+eRMlbZlqHUjdW2cguDg46fWl0KJ7jxIWIysEe4nHeq1oYYrNSD0GcVueFICIbi6Y
+YM0mVz/d7VtSWpy15e6dATSGkJpO2a6ThFJoppNFAhj3MUf3mFZGqXUdy6BMELU8
+GiXExDXcu0d1Xk1p2+nQWw/cwgH+83JqrWFqznorC7nGUgYL/ebgfrVfVdGa80h1
+UZlQFlx3xXXT7RE67yXI7dKrImxAw7c090C0dzxIFkk2SZznByav2skk0qFDzjLH
+0xXVeLvBzMx1CxA2Ocso7E1xdtI9rO6SDb2NcjXQ9BSuro7bT74y2z2rNkA4znNS
+tpNreyGZTtJTHXpXJR3ptFUhyNwzx61oQeIvs8flocnGCcVm1Y3jNPc04mTSRKGc
+Nj7g+lc5qN897dPcHg54x2FNu9Qku5Bu4XJp+m6Re61MIrZDsj5eRuFH1pxjqROf
+3Gr4etLnVL0LyE6s3YCvRLeFLW3SFOFRQBVHQ9Ihs7IxIoL5yzdCTV4xvE3D/g4r
+qjCyPPnPmdyQkH8aCaZv28suPXHNKGBGQc07MgDn6UUhNFAGmqHkscewpjnJ4qZh
+lKZjJ/CmXYrtFhSzDkn+lMWPAGOhHFXJUypHr/hUUe0t5ZHJGV/qKLisJDtKmNgC
+p4wen0rl/EPgS0ut09rFjOSUX7y+49R7V1DJ5b5/hNVtb1mHRdHlvJ2xtwqcZyx6
+Cs5JM0hJpnkWoaBeW0525aMHA/wqrBoWoXMwSOI7mOABySa6ifW9W1KASBLe3twe
+bhgCfwNNi8XQ6XgpKbmXp+7iChvbNYdTp5tNCzpHw6uSY5dRnVVz80SHJI9zXZix
+tdOsRDaQpDHnhVHU+tSWFyL6yjnG5RIPmRuGQ91PuDQd1zc4AyqV0xSRySk5bkcc
+eyMHkHOanWN2HJyOvNSiIAHPvUuAAvvxVXJsVli4IBwR1HrTXtznrjPtVhky+fUU
+7naCfUU7isUGhZejZ9sUVcdCxxjt1op6CsWs/u/ypFHzfhS9Bj3pT1yKg0FwGB/G
+q7Aq4YdRyKtIMg1E69PUYpDB8MgbsaxtZ05NYhXTp8i3kzvI6j0x/OtUuBGUP1qj
+JJ5CvczSrGicszHhR70xdTy7XLS60y8bR5jmKGMNERwHH96r3gfR7aZ5NZvFL/Z3
+2wRkcbgMlj9M8VDqeo22t+JZL2V3Fq37qM9DtAxn8Sa6fwtAunatPprOJLe5Tzrd
+/cDDD8ufwrFW5rGzb5Tb0xwLad1BCtIWAIx1AqzCjIAwOGPWoogzyunyhSR90VfE
+f9DW2xh1IP3jORk9anVG8sbjyKfgA09edwouFiJ+GH4il2ZUjvQ/b609SN2KYC4A
+GexopkzHyyB1ooSBs//ZiE4EEBECAAYFAjpWjyIAEgkQx0Y2ObLXeV4HZUdQRwAB
+AQfRAKCSnx3toHhFsCAaIsCRkmFdI4Hn9gCbBDKIqvBEjybcnaBW+iZufcjAzsfR
+zNf/AAANkgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBD
+AAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEEx
+NDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7
+Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACPAHUD
+ASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
+AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk
+M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq
+c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG
+x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEB
+AQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
+BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5
+OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaX
+mJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq
+8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD2aiiigAooooAKyNb8S6boUZN1Lulx8sS/
+eP8Ah+NZXjbxcdCt/sdjh7+UdcjES+p968fvLyW6leaa4mmlY5kkL4AP1qXLsaQh
+fVnc6l8TdSncrYRRW6Zx03t/L+lYsvjjXnA8zUZY8nI2kr/QVzlu0b8+S2R/HvJN
+WFgAYuwDFuvJ/lzms2/M2UbdDrLPxlrETK51CRxn7sm1gfzrs9F8b2d8ix3v+jyn
++Ij5T/hXkQj8gZX5hnlCMZq9YShm8vzDt7HuDQm0KUUz3ZHWRQ6MGU9CDkGnV5VZ
+6xf6FJ5qTlY8/Mh5Vh9K77QNfi1uEkJskUZI7EeorRSuYyjY16KKKogKKKKACiii
+gArO17VU0XR575sFkXCKf4mPQVo1wHxXvfJ0yztw+N8hdh3IHA/nSew4q7PNdT1G
+a9vpLi4kaaaRyWY8KDRYWCXkuG5Qc+gzWe8mWAUYz19TW9pbGJAScZ6msJuyO2nG
+7NOPTrcxhAMdOmOKp3eg36OWsw0qY4x2rVgkynIyfrite0bKDBrBNo3aOOtvDWr3
+dwPPjEKDOS1dJbeFJYY/3UqKxGC5TJ/Wt+Fdx4HNaMUSlM9yK1TbMJ2RwWo+GtXe
+MiaZLlByCo2mpvCOpTaDrKpdEmA/KxIwVz612rR4PPWue13T4RcwXBUBWYI5A6Z6
+GmpNMmyasejghgCDkHkGlrD8J3ck+lfZ5m3SWreXu/vL/Cfy/lW5XQnc5GrMKKKK
+YgooooAK8j+LF4ZNchtmACQQjGDySefy6V6jqeowaVp099cnEcK7j7+grwXxjq1x
+r2ovqYRUV8DaCTtA7VMmtjWnBv3jMgjM0wAUnFbcCtHGFHOevtUek2RisUmkwS3O
+4HIqeWTaP3e0HPzMemfwrmk7s7oWSuatk7BQG71v28OFUpjHt2rj7XWreH91NLGW
+PQ7W/qK6bTdYs5IgFuI8njGajlsPmubtrmMGVuAo5q7GxWMcZBH51nmVDaIqMpEr
+DJB7VcWf98Y+wXg9jVowlqTtIpGP6Vj+KNv/AAj1y4xuUAr9cjFajHnHWsvxG6DS
+ij8h3H6c0yUW/Aju/n7xg7Rn6gkV2Fc14Lg22MszD53IBPf1rpa6I7HNLcKKKKok
+KKKKAOQ+JchHhuOIMR5twufoATXkjOkjqqAHLYAzxXq3xLikl0uzKAkCYg49SvFe
+YR2htbqKJyN3JODnNc837zO6l/DSNOLeijyuy7cEZzVG50jUbsmWKTamTny1GRzV
+4TAPtUZ+la2nyJbBWmZogScBhgfnWN7G9jmrfR7/AM7ZJdq8GDw8Suf6VRtXubfU
+FjMZR8jATjP0r0jfbMM7ULHvgVyl3BFPreICruTglTwvPr60+buKK1NeKe5S3W5l
+iaNmHBTgKfU//WpJ/E13bYVJxM+MnEYyK25LKNtPtkPCK4U/TNYF94IinuWfcUVj
+uDxnBBpITa7GppvitLnalxZzRseN6pkE/TtUviOVbmC0jhdSGk+b26VlGz1PSpkE
+Vz9sthgGN/vr7hq6PT7Qajq9os4ZI0BfYB1AOcH/AD3rSOrsYzVlc6bQrZrXR4Ed
+drldzD3P+RWjRRXUcQUUUUAFFFFAGN4r06bU9Blhtl3TIQ6qOrY7D8K8fvraW31J
+VmR0ZQPlYYI/Cvea8q+IVi0PiFrgnImjBUY/P+VZTj1OijP7JyP2n/SMnPB9eldX
+pV/5kIRsbfQ9K4yTMbhmyMnvUg1FoGYyI4THAXoPT+dYONztckkb2v69ZwSJa29q
+gLf6ybYPlHt7+9Q6JdWA1NWgYBMdBXOzTf2id0aFg3anW+l3Fkv2tmcL1A/wo5VY
+Sl9x6+ghnswgcEOOcdvemWs7zQHgSMjFGK+oNcZpd/Kl5Ct1JMIVAOA+M/WtGzu1
+0nXHWObdbXZ8xCT3PVTSuRyHTymN1QeUSwYcba1dHt1W5Z2xvVOg9z/9YVmC583G
+OM9BWtoTectzN/CZNi+4H/661p2uc9S6ia1FFFdBzBRRRQAUUVi6x4v0HQwft2ox
+K4/5ZodzfkOn40AbVcX8SrHdo6akg+e2ba2P7p/+v/OsDVvjhYws0elaZLO3Z5m2
+g/gM/wA6525+I+t+IQ+n3ywQ290rDy0jwQMZHJOetS9jSKdzm7i+USAlhkZ56Dr1
+rd0vy5o9r4cuvzcg54rjLzNvcFMY55xW3od8FKx4GR8zMemazlG6N4zfMap02KC6
+bEcTJ6Nx+tbumPYyRrb/AL+Jc/dBEig+wYcU20FtqSguuMcZ7mtCx8PrDMZGkJVG
+yB/Kuf1Oly7Ej6XcyebgQ3IZTtdl2OD26cViw2lxeSrayYTyzklTnbg9veun1LUU
+021IDb5Dwi+vvXOaVfIJZJN4LF8YHuadmTzHTqZEt/3eTIFwg7lu1dnpdn9g06K3
+7gZb6nrXn0mvWujeVqOoI8ltG6/LHyS3b/Gu20TxRo3iCMNp16kj4yYm+Vx/wE10
+U1ZHJWd3oa9FFFamAUUUUAeF+KPijqurI0Fq32K3PaJvmP1avPbi5kuZCWJOTyfW
+mzOzNinwxBRuPXtSNCe3hSIBiMv/ACp1vcbdThkbp5gz9KYzEL9agcE7vXND1Hex
+s6raecSVA3jkZ71nWdy1qWjkG3sQRWlBdi8tQ+cuvyuPcVFMsc3yyrz2P/16yi2t
+GdE4p+8jWsfEMNsU3H7vf+92rdt/FyiI4Zcnt6GvPmsyv3HB46k4zUiQTRKF3gAH
+Od3ehwi9SVOSVrHT6nrjzSYMgJUjknOKgsZnS4MrMVRerY/zk1mafAly2W3SAclg
+NoNWPNaW+kUDbFF8qovQHufr/hVqFkTzXNG+v3v5T5oxGq4WM9AKxlMlheCS1leN
+kO5CrYI59a0XOPvAfX1rN1OPPIB5TB+lUSekeF/ipNEqWutKbhBwJ1Hzj6jv/nrX
+pWnaxp2rRCSxu4pwRnCtyPqOor5ht5G3Dca2bW+mtXEkEzxsDkMuQaCeVM+kqK8W
+sPiPr1rB5bXImx0MqbiPxoouTyM80jh8xyxHyg1KVx1qxEEeNfK5FI6euKZViq5I
+FJDGZA+Occ0sik9BVaYMqZUkFecjjFIksQtJZT7+iEjcPSt63W1mUNIRjFc9ZXhu
+D5FwQSwwre/oa3raW3+xlGwWPr1FRUj1RtSl0GmW1jdlWCNz2Y/40yCBNQZijq0a
+NtKp/X/P51nXk4RJdqYBPJJHJq74a2x6XM4I3NJyM46f5NaQgkyZVG9DRv7hNPsW
+8pQP4VA7k/8A66g06Hy7dcnJbkk9yetU9TZpr+KHnKfO2fXoK0LYqYh1x6ZqpPUm
+JKy45z+XaqV8AUQ89x06VeccHA6896rXSbrZj3Ug1JRjYKsQfXrVxX+Xg+4qCVQQ
+D0NOhJYcdTSEtGWVkIyFU/gtFJGEywbA568c0UFmUomil/dAtk9B3q/nzBjHTqKW
+BVjIPU45NMPDn3pkLQY6jBwRxTIoxJIE7HjmpW4/OmQcXC+maBdTG2FHdckFDxWp
+p7yyyu+eMcD/AGj3qpdLsvpAMdTWxpkQjsVfpn5j+NVFXZCIL6N5YhG5GeWA6laT
+w/c+TJLYy4Al5TI/iHb8v5VYlwblAW6qMZ9c1mztgSleCzAKR26c1T0dwL1sDNPN
+Oed7HafYcCr8MnlSAZwrdSfWobSLZCij0xRLlXHHDVBojSLZGSTz29KYFDK6nncM
+VHbTCSMqx+739RUJvWz+5A4/jbp+VIZSnGFOAOKbC3zZzjr0pbjvnkk9qihyZAB3
+4oFfU0IEO05BH9f0oq1hIkXIySKKBn//2YhGBBARAgAGBQI8ZiQyAAoJEMdGNjmy
+13leJSIAoIx0Ql/m4Gf4ZZeFQ1Of+zq6499DAKCHBzmIEtE740kuUl5HGNvCJ4Qb
+MLQtUGhpbGlwIFIuIFppbW1lcm1hbm4gPHByekBwaGlsemltbWVybWFubi5jb20+
+iEwEEBECAAwFAj6+zxoFCwkIBwMACgkQx0Y2ObLXeV4M5gCgnemzKjFcpG5MpeFC
+TjVg24ptLhsAn03rO14zwfdxKS9ZSuGLeBG+d/eUuQMNBDpU6CcQDADMHXdXJDhK
+4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1+/bBc8SDESYrQ2DD4+jWCv2h
+KCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rzF/OkQOnX0ne2Qi0CNsEmy2he
+nXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cIfwgXcqK61qlC8wXo+VMROU+2
+8W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZS
+Tz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI6
+1Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/Cl
+WxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgH
+KXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVelMMm8AAgIMAI1R
+XgrY9LqHnvhnc1oGwhB7mORU7jwxKiGMLqzb0KM+GVTv1xAhhaYGm41/CuhnrOW3
+LPpjYWbrlXQh+9WJxHvO8UUI6FqEy6TVyv5Cn3fo4wSr2wtkbFOMKWDCscZLtikx
+JmsQLtuk6YRGOjgX+fliYIckIfxDMI5z37zSCNUSweIlUAGsLzLKSMovnHVX89IC
+sThC0wtuQE8aZBg7DxvHqMIeg7jdCNTNupF8EwdmpZUnKgghkKn6fXdczj4079wN
+WxnxuNyHQsg7IytPzmfbjJ9dGU/SzsEWMubn0mOF/h2O4laKQlrBYROXKkDLzo5h
+FG7AJsjI1q4F5MrL5q9m8Xagu+nAfhSe52kLTr87SOSPaVCmf0QRTDXVHA7qyr3N
+hPABTIp6s3TRxsJ/KJmXTUIijRu1xM7qFArdzrs9qWgn2VUfz+Yfsu6qQwsMfm6C
+SnOZ53/xKit+pWRqSd7pviZHJIUIFdpVmgqYMfNwfahJIyEz17HKHp3OLVsa7ohU
+BBgRAgAMBQI6VOgnBRsMAAAAABIJEMdGNjmy13leB2VHUEcAAQHlbQCg+N+fI3bz
+qF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7ReMDlYoIZwRRmQILBDxUyXkBEACg
+g6vxNPigg9FQz14CkPtR/dEq3sCjK1r4+2oyeoRno+pqZ6Z7ZfphgA/q5woweFAG
+Og17KD2WXegoQ5pXbFvP+w9j9zm3g59XzTRSzZgScelTibPnKy6g8r8GDAY6IQra
+R6pxe4297/NznqvRvKpTt5g1XP5LyjVBsEv9HAYJE1vyy10qSQRtEz3QunUzfELN
+C4kiYNMZOnmgaFeW4APIIhWDtrrxqW3Ofjp1K4DAhqcnayrfvYbOtqh0sxJ246kv
+Vc3Bc9pH6wDw/yub2deuPq6BZBLBJwrtu/20qD0nsZ9is/5j0aL1MZuVmr7xKYqe
+ehyzJ1WdpJK52qng9natYedS+GefKDIw1Jq7ppQNWfVduTNITFTF0JswggjQuPqK
+T8Td5GCywQWN/kGHbp6EdybiUXZ+9fp4eek0UB5M+srSwbkF4hQ0mBrqlsaoji4C
+uXjc0c+Zx1D0pGfqqBCmvEV1tLul3U8h0TzR4opUA8mLKegQp5cjh/dHz7zTPDxV
+gSr3blJ9FxI1Z69th/+jJj3q6joo3uW/5y8qQCrzdSCzs+TDEWwucZtJIuIhTct8
+AMPY/Ayt+Pf9jXfI+xSQgz3r7Eu5o+rEu02/cthaOc4b3KYDtNkjLKszgiext1BY
+Oq06R+Yyh2qgsg9azzkfudvvpwhCpJ7EOxcdaP3bxwAGKbQlRGF2aWQgTS4gU2hh
+dyA8ZHNoYXdAamFiYmVyd29ja3kuY29tPokCNAQTAQIAHgUCPFTJfAIbAwYLBwoD
+BAIDFQMCAxYCAQIeAQIXgAAKCRDbaY1xmSQlYCQ7D/9MCQd8s1ueGLy81tlxq5LB
+qnSo2cuNQsssxjnskxjbOJId08RdiOAh23fdKXm6T05vTAUAN8oJDsXoaI9jTPjo
+avQ8o/wj94zTm8ni1OoQkTw5wDOte0qbw1B4msSfmeImdC0opJoYz6Nyp+4OXHCW
+fhvmOvAbBvwuchC726NyhGXCzDlfNqFysphgc/epR93AbOHiNKQ0/oJTWaxR0KeG
+j2K+ihOsKx/Tl/0pXVfo7zobAzO+UelHpvH4VMcnaxo2pjIn6eMyDxP4WuiyiqdL
+D3PZI6R6PotPfIdtzCmKJzAXBW4SIBp9ZHdFXs8P5E8oYKBbnO1TDSAtYG8EnqGk
+bbZvCVfd0Utz4miEpvv0EukdoAoqSLz7ZKStrM2jlQNIVVRFbA89srSAZYSGN3s4
+TA3LSxmDaw4Z6gRWBhOtuAeIfhLQ+QTC9h8aqyfWt2nP+4qA8du0FHJANopeBfJo
+vz/4sSx4z0PkbQqUS9lnPxqoNqyqUzP1Ocpg7f8yFYvY28Xsc25c4ImI4ADxlo4r
+/sK00k/vxcGUhg7wE0Xy9r+Rp31GMyUpMd3zF5uD2/qNhd9vVxKM7sWDZuDjczOJ
+yodWjp2DdZWqe+AOvapAvPCQIwWc++Y/xOgina1V8uqadA+Ntc0+jhTM/E3smOfL
+3A0cJIMKSYaU4kfTts6h2rkCDQQ8VMsEEAgA7lKuNHz6iYb+2pAZbxrjp5AHV86p
+btVJQBWpGWkGLERGb6w2hYTL8YXr7JgteBmy1a/+l5ZYjnZFQ8603eZRC1g+/krr
+uWmfiJxE/HtHVcVSDUxXNJiE67DpSdGPf8icIx3c91Xkui9ifS3VMSj1ezWLm5/O
+YF1utTQ5QiwrvzTuaCs8jWDUzxI77FczQYQELuDmHevde4Ke66MeWCJabs9OQ6i6
+1vurJrj1WQQ9pvXOzcbdoQFtAF/vGK82rnr0p5cDyes3S5lCKC4nIhvokHotCf63
+YUU6afG9OLp/ASlcp2h21vmtDp7xSg6D7Ivn5cHtHnBvChG6vjQ9IO5gdwADBQgA
+nNF7z5VcV00LbYQxN1vX77iKwJ1aEZVSYMrJnvthtJPM5alAsOQRRe85pgZsBfd2
+xgKbDZFsQaPei+n59nMPTxl68YsrYOWaBe9IRnEKBYIHSVwDAGsEdxyOKgphNO7c
+QKcpRWdeqi9FQ11cWVLZrSqChmT9Z6uYGLDabKwAhYl6TrEQ2J9OzM586LARZHb8
+m2MOcGrla+XZZannjEVfaei5on8IuhOLalx/vx74C1qLi9B1fI/JyCsJlMQujkDr
+pz80hwIyavutLB9TdQZn8TuNqL/m7cpU1YMbNIa/1Ow2Cio7zrhr/FvTX4KgMaGq
+6ukx7qWDDbME96BF57IMtIkCIgQYAQIADAUCPFTLBAUJEswDAAAKCRDbaY1xmSQl
+YPGsD/40gsxyQv4M8BFfPgnPEOYlSEBwpibr+XRdq7q98n3F9ZlXjJHq74RhX6ao
+tL10wpeMb6fcFKhmaMu8Nhx4PUP9+h11I7EwmMeLn2prG/sSbsgCY4tsEW08NbDz
+cXdj6+KvekpE6lYmOa4ORQTEODx81d9R8DxcqUCYHYn+iYMbEDnBZmHgPc5hkGvB
+Nj2F+dGs4n0iBvxFSBoTSzHb9XksG3/cq8DdW59McJw1/nTyN2kLIvGjNqSeV+2P
+2oeh5NRJAHs9X5W+Zar+sqvlHDa1e0jq2SrMhWdOD1qgTX3BzFyuhWW3IJLdcyFE
+p6NsC/L2eJdkWwclT1xhEvm8LEsB21ndE2UNpIjOUcdFvEnYa84Di8ZpIvEvngG6
+q9tm5K14DXZYQczsN+rrOXgTYfxbEuCzpFCg1DZaRQmWkXcywzo7F2YUgw1nFe9T
+lIrLJgXZcjg+ho3UNmquVr+qNV1IzYCkE6I70J/Q3fuXOfVdM2V0JQTaWfBOUFow
+wVNyzI5XSl8TTwslsGN8roEAGBR33JwhBy6TldhErnR1pvIOVt0kkGXbEqIIYONv
+fsdd2LIFZUfyegh8oFCJNDmKObKnuVyZH53Q3bgTn06D5TdBaCK9usVqUe+JZ1K4
+VLy+20kSiBqaLkel3417o+bqdpL3Uu8gXy1bsOhyo9m79ug8ookCIgQYAQIADAUC
+PFTLCAUJEswDAAAKCRDbaY1xmSQlYGW9D/9ZQP1N5o7Ndm0Nh3WJ6oqSmjhWUQ2f
+AZJqD/4U+z2fqOCQwI5QodSN/DJPRfbx4JnibPkui/8YBktB8SxhoqyD0W7oE5h0
+Xvj0+LeJ/ByhdZCgR/a2RAPu9D64xxh5p/7oyutI2sdLrsTs1OCeCMdaMz5ptrdb
+oGpk4Wv94m1TOC+bztrRhEjDLrEJIPotpOYdSbq+moipSVJBMv9NrxfdeVb40Y4D
+GGqtfsggarquJu9Lnq7PfrCdmdSzQcLI28yP1s6V0f3MZxH+stzTxtCCIsFjTsgx
+Ubuxa/WYiW3qM+At+B6B3HDhBvjFdg2OBP12/2I/2ZiDQdZbUZJ42ND7oi1k34Pd
+fExpCZRMWGr4UTJgtGqlCqSlTLTKmzxkI8d7Z+PHt7uQbew/GnFkzsU+VKtpfpIl
+m3ym+0CgP6ap/nn5B2kSvf77p9iQQXHarl0L3cW7sQMlnPy8L5AqPWkg5+C/ihZW
+gJWT7ujwnbrkrzddJxdBGEBvPNWEoCGzKBp6E0TXxgKfsp4dbszXcGLaaK/cUV2x
+MgVLogjCPnAwaP3l60rc2nb3gV4JfVP9ogoI/Ikbf9nVeruT9dhVWZgNmvj7rRBV
+VN7XjF0VN9ou7N3xuEiRaetd5pmr+Fme0HDCsSlVQuEOcP5LCGQpcwHMdz+DFGvW
+OyACu33k12k2prkBogQ8VMvbEQQA9YjnqxRaPgKrbhTQqrzGMYBuP4QlbsQeEDA3
+y94jlPK++edfyUGUTnquXHDKmPnLwsqszYZCsC35nVP8FOsg0eATYYAj5A9uPDUX
+GQkW1eNQFGoh5p4SxBQZKlVJCAJyVgMxXDtUwDbjQ9CkOONrv1YlajDz9h9yHfFU
+jQrC47sAoOX8LBxMJVdAqGMOQGcI2lTWTfq1BACabalqZ3571+ePoAEsqSxZelhH
+A/Se6oxlfxWNQilDGsgUSm53l7yeJn+8qZuiRm49wMlPZnzLA5isMAh0UyoTSnPs
+8lnZDLbo4/s4H2Jz0+MahJSYtNtSKTNhuJv7Fh/kQGVltAaniUQeecoJK7YxhKbn
+vsXKzg7YEL2DLKDA4AP/RDeDRhK7ehXbkeONeJsOPjvjdATxSa7Io+GIUFB1CSLg
+aHfC43b8j7S5pEiZ8MOW+kwnP35G89h1K89nFpC47Xt8y/5DH4Z/tw3SdaEIr8TS
+L3u/UOK4gZEc5uVhCGBAX/BdIYFWdO2UUjEaO3ox38lgH0HfNscqgN5zCEEc6lmJ
+AiIEGAECAAwFAjxUy9sFCRLMAwAACgkQ22mNcZkkJWAthQ//QCSN1sFaeqFQEki7
+fg6E0n+t7mO+V1llNymp7G8Pq3iSI2d99oijVk2BQnrbhdLy+wjl9LyyzfvvaQ04
+QwAUvJNRgIaOpxkYb3z2tc31ho9eOYsQRmKxVzGWw1ii1OEnMBylsAaG58GpFI/5
+MTfucIlJBvXoESkHSoiyov2Pd1c3hJ/6OuFYbn5dvYplBi2K3pAq12OCmWticFvP
+TBpVlvTED0h+I133oO1e1Rx999u1/PQgLem5qfuz3wLv9r8qkXgy1AqdOEBNsvXS
+o09yWaDTKaZWb6k7viOq6k2aDOi4mr8qgrf8obs6fpOfg6WQw+DRL/T9KUHF0EUS
+PVEMkbMc1V2iHURqXBGnIsa5JAi1eV1cMrp9T25DXWHlEfXRnPPjzTSJyJh2FmL9
+NnQrsmHf8f7DiR7uzCgA8+SZqRmr6o2j0FAPUrV4EmMYB7wTYPwPT7EXXmYs8m0o
+vamXwGbIwT2Z/EGhOc3UdAQF232o156m097tib5HMbTT+8AcjX3TaeXDJpjI35Wy
+bfJ8F2LEWmJsQwPC9MMCfy7SlW8BUqTBaelPvSYoKdLT6FOxtnoAVYn10WRIF7LE
+SySJqENspSpv3ACJ/q1jZN6cXYKFlvKLR5Be/MWtnZ2AXqwHmR/XYGtXI6FRmNd6
+xrb+mP2QwkihMezVT+y2Q/EogXSJAmoEGAECAAwFCRLMAwAFAkQS4BkAUkcgBBkR
+AgAGBQJEEuACAAoJEOJmXIdJ4cvJKsUAn3R2myTGfaAyxiDwL9l3ObofNnX9AJ46
+M4YTuhT9ETVc15IOaHY5VCLcUQkQ22mNcZkkJWCOtg//RVzC6tHMnmZXXA6jslgc
+a2yf/q0zJIULR9azhcraU3yy8OzjVorX1i5Xh5Rr3SmZkHiNUMrOK0jCzyM9ykBa
+58WOwwN1sZoNUQpUtmYja9kj/y444Atf0iIFW9TT4O31j25qEjz7cLZtmv+TnzcS
+IaZekJrIZ/8D74eDqNrfy/WaAi0JK2iMiw4dqwLtIc2W7UTtXfSgiAtNrkp4smrO
+6AUI2Xas7D+3zZiMlIv//W3ZSTF0vHtyBdmvcEPrs6DdjhsM+L7QHLnxD7HD86cv
+Vh+9SzHelc5erhSWbwKMcZKykQ3uHhU9XCt60MYdbc8HHW92g0e9nEipZ7iS23uD
+mzoKvfihtho2+j1w5uKM/S6N/fditlWJ9qHvLHVPLNKPp4DEHo4ns56LCY1cRUX7
+N4TOWu2iVSdtzg8NFvhfnKyWkUTCYFuU64Jiq9XcJLMAn2AY02RzQcF8LwbgzdyI
+NK9pC0y0lH9ZrN6QyGinxILPVtwLsWO17JpDvKQf4+rmR9nHQSsvGJ/FjCDydMx5
+HaT+TfC4KRR8BBgTDgZkq6cllbeC1qgCz3LXgai9pIlvT9httrVcpOL0QHnKM5jd
+7R8JZ1dt5qlltuWsC8Dw52kEGiBn095qmY1FFd02BxL7y7sxHp81m31yTErho+HQ
+lcXTIscl65wt2LwowPG0n2iYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNw
+Qo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYU
+TF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz2
+8iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpu
+QGdudS5vcmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2M
+twUJClROYQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhA
+tm3dxWeUxA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2q
+agd/nRchl9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+E
+wCV7i2e2u5kDKgRHeRfDEQgAnwKxwiRUep5JsTYlvlBODwFt20JWvSVhagsLuFai
+5DyP5R2+acR33/Bc8tjvPQcQ/+oV0g8dkpVZgBhzgiYUocdb3zRlWDbCZ9qDSudI
+p/ZBrw9PplQAn8uTMj1fJrTHDjNqdfMFlbjHdoHmG3TWIAK35/wzaVP+fTOnglKY
+V5GBA3BAgamUSo0gdSTRJ6hwDPoHOX3OFZWHWfh2AaxGU1/2Sz2YOZH30e18gOiI
+Klj0mND62MQzsRro8nkracmYZpE+3s1c6CgSPspY926Sjq5Lii4wd1uU54Aiy2L0
+0f4O8szcoLf/rq6czTvOSrBiwVQ5JEoUrMIjyHrbdGRQfwDg/A2sKSzVE19nOszO
+ndICn0vPw068V+j0uQOWcwf+MRAaZ45wq9kY5204uJXDS4Pm9uXPZa209Ul8ra1I
+n1EG3DhJAnn5Pl+yT6FP8dw29Q7gveCwGjBX1NqOhlj08wTbRAQbRqYODLOUNcNY
+NYA0RKSjN5hiD8nCyl4QfiX4vKRfqrwakYgN8Z1mQC2T9NPWXy2PvJzAdOrv+fcy
+nC8s/of84wpqSCXRa+cUKLZus7SvEJrNRhtTDlT0NbwlAh4ksCGu1dSrZZWCCLB6
+ke7CF7k0poiyePE6tTWOfZxNYQ+yYnHHIIcj3l+dqJxXxMOahxDyaF4XDo8Urmts
+fVPYu3KSZ8yypyAYXWWu00Ibe/4y+Au+UsvnxMXhEp4PDwgAlAU/s1FMwC3sxjmR
+r8Z/NjjOq0f5dplfVl3qShAfiAzxtSQcKn5dX/NP5iPIYcJK9i2K8oXebvnHnEcu
+9ffd3T0pwGA2srBv/rCFcWM/TOHaFkFYUnvRDiZ4FnL2D+Wwlg8m5pQWECYApKxV
+KjL0EyTgpJaam40Jv7sV2lrpvXUgMaeWHhwiqgSC1J4wVS6Gq5ldG3Fl8KLWYlxX
+d1qZwR4xP0Ep8nBYd9+Pm60fCk0p5kvr+iPgelvlTnMsx7fvFqV7qNWEuKJApmb+
+n8yJX+h3FSTiU/Haaqc8jIap+GGE9C20QvaK3NiqMdIc2oqLPStBKCn+TEUBDLAB
+wHTNDLQcV2VybmVyIEtvY2ggPHdrQGcxMGNvZGUuY29tPohxBBMRCwAhAhsDBQkU
+sIqNAh4BAheABQsHCgkCBRUIAgoDBQJHeR6AAAoJEPKthaweQrNn+kQA33yabKyY
+9z1ujVoxcLF7ROc0mSsX75srRXIjxTgA4NKwgnV1GN1QL6bKH4G7AFTgmJMQjWLy
+wpguY3G0Gldlcm5lciBLb2NoIDx3a0BnbnVwZy5vcmc+iHQEExELACQCGwMFCRSw
+io0CHgECF4AFCwcKCQIFFQgCCgMFAkd5HpcCGQEACgkQ8q2FrB5Cs2eXYwDfUNqv
+I0xrFP47l0+sBBD5j8Z9H9FygT4ZuVZOxwDePf9XYQuNja+MQUqZEtZbvilME5zf
+5wUMo3sVtLkBDQRH47TPAQgArMK+fv08+pw2sCF0DQtk717TSyHmcmn8e7ndGXEB
+xZWy/sQWoZrKKr5/gmkCH3O0p/sSZhijfCzTeElFO0ASFaSAvaXcQqhUnjEcI4ic
+3KLbI7fSqoqgvkJ8qwfIFovb8jMO/tBQgNmYAODTBlnLq5zJIvTvpqEAePBZdd90
+SGiC6vNADZ04D5Pbl3ZdXNwakv1y+eLc4jnYPcAkqsf8U7/ClpGcaADPLC0Kp1lN
+6lYBXRV6QXpEa0qh2JT4PGu7981hFVvKjBdvClbz6E8I3aSny8acUF6bBRV+/H9k
+2lW9xrD7+E3obBXJ55CWOL4ynoS69ii2XyVQxyWz+a7ZlwARAQABiF8EGBELAA8F
+AkfjtM8CGwwFCQcajaEACgkQ8q2FrB5Cs2cuqQDfYDr3l9GbFNxAZSv/HSXKcZ5M
+Jys5TLffQYPQXwDfRzV6imKyGJmI6tAaDVAgLDNld64LDP2wrcOezLkBogROsUyG
+EQQAlCMDC6m1nkcdAK3MV884airO5/akCJhT0CWjd6LxbM27SremsW7HSaUoOSNX
+SXpPgktdDcA7y6Y8cXteGm9+/ZHwNoXgYWnTpWjk50qLre0iCNLcpT1V0cMEev5B
+/2YXOiog/7obnI+tjG/y7V41bNzAceKehSFbSi5hyz7EAZMAoIbBb88QRdsh1RKm
+tHdVXsjuvldpA/0cp/wmWwWEfWMGKvtCk5i6Ayl8T6YHRjtqZwnMFrNbjEssulkQ
+0XpDGRcAyO92utp12sl7h8DWl4OSEFh6rnFVJPrII8YQXahrAchB7Mtc5AzDFFmg
+JqvJdp8WEVnx+nLl9shaRifHUSdLwdt909p+1CFm8ChDl7+eZE7YbvEWGQP+JNA0
+DHFqNSxCFzs667Cnic7op3BkaUN13zNuR1aVpepxUEhkk6LfiiHmQON7QHVAqvtq
+/TO0svyy8nAeFhlWqcXX84tuoobmnsCowa137CXYV/SD7JVjy5X/b6cbs2sIty37
+eJLjoffnxQHvN+azf+JtxtTXhMTedhBQAgdlBGaIoQQYEQgACQUCTrgQCQIbAgBS
+CRDyrYWsHkKzZ0cgBBkRCAAGBQJOuBAJAAoJEE8FQNV3+V+VkpoAnA5MTmFbkcoM
+4N4OYwb3YGMfoAD0AJ9j2e0iEo9fhMfcSoKG9xssLopUTOj0AODNadm6ajGAly1I
+oam+eLSbqxHfSkQEHOxhMiFjAN9q4LuirSOu65uR1bnTmF+Z92++qMIuEkH4/LnN
+uQENBE64FVgBCAChkCmMrdCKW/PWuBQs2/lcTqz3i33KOUCynyj1aOzen9HUJVHy
+mJnN4dZTjq3ARlSTuCSoJmQwcmom0wjDS2L9qqCnUctdyIoFxTetnMP3JkBhJ4j5
+IxtwkTznWa0SgEjvBdNUkLTBG/3lgfMFoqlQNh1or07wsHS+LlvaxvFnqMozssKq
+YLC9mTVqWfXvTeRsCzYLvZ6jy4rqbJnDIJzHgqV3K6cyqA5NcZqoWj8OQNUbS+sV
+CU8nkYkDYQA7wm2nwolEfROSdFtSTmL49PNQS1V3MUdLUb7SfsDmwfm59SDmJUp4
+iw3F535P/ei+G5cBYzHO0jN0nzUH/sfM7njjABEBAAGIXwQYEQgADwUCTrgVWAIb
+DAUJBAqORwAKCRDyrYWsHkKzZ6TKAN0WMNFzexmPvciaqa2LyUVUI/ht3suw/tlV
+SGDCAN9tCWF1UFBrQORgcrpgQBfNKPkUdAxxyiDrXfZ1mQENBE0ti4EBCACqGtKl
+X9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3IUe8TuDrGT742XFncG9Po
+MBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjgjvDAH8cZ+fkIayWtObTx
+wqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7KRw6B5ucs4qSzp5VH4Cq
+Dr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8uqA35ZiyczUvvJSLYvf7S
+TO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB1BAY5s3FKqrkaxZr3BBj
+euGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChkaXN0IHNpZymJAT4EEwEC
+ACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECSb
+OdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05shKZOAKw3RUePTU80SRLP
+dg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH85zCwu7SHz9cX3d4UUwzc
+P6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8Klf/wl6jXHn/yP92xG9/
+YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOcWkqwupB+d01R4bHPu9tv
+Xy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgCE4F5XeCB/0ovao2/bk22
+w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2LgQEIAKHwucgbaRj0V7Ht
+0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX1bDVwr/iTPaPPEtpi7oQ
+oHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHULhzKsGg5FC6pRYcEyzRXH
+tv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7nJdwG1cGQOZOIDQQM41g
+BzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOMEJwlo0+NYx2Yn75x66bY
+wdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6JsPmXEyeAyLiCWSh7Rwq8
+uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2fAgAKCRAkmznSTyXjtrsS
+CACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU3BO8iQ0Koy+m0QKY1kWj
+aHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4MepTgpxNiw4+XmykCkN1AfV
+hvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu1GGTTOH0r12Ochc/um+Q
+GAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1Lku4bIVG1Huwo1/0WHc2
+vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacutZXQQ2PPCIY7LlpuS/45C
+XWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQACgkQU7Yg0BzgxjBGTwQA
+i5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfemIjxZZoMLCVM8ly8AC2JP
+rIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HBMpG4gFuOuQmW9QQDjEdh
+1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57Bas=
+=WK93
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
new file mode 100644
index 0000000..200fed8
--- /dev/null
+++ b/doc/scdaemon.texi
@@ -0,0 +1,731 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Invoking SCDAEMON
+@chapter Invoking the SCDAEMON
+@cindex SCDAEMON command options
+@cindex command options
+@cindex options, SCDAEMON command
+
+@manpage scdaemon.1
+@ifset manverb
+.B scdaemon
+\- Smartcard daemon for the GnuPG system
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B scdaemon
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-server
+.br
+.B scdaemon
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-daemon
+.RI [ command_line ]
+@end ifset
+
+
+@mansect description
+The @command{scdaemon} is a daemon to manage smartcards. It is usually
+invoked by @command{gpg-agent} and in general not used directly.
+
+@manpause
+@xref{Option Index}, for an index to @command{scdaemon}'s commands and
+options.
+@mancont
+
+@menu
+* Scdaemon Commands:: List of all commands.
+* Scdaemon Options:: List of all options.
+* Card applications:: Description of card applications.
+* Scdaemon Configuration:: Configuration files.
+* Scdaemon Examples:: Some usage examples.
+* Scdaemon Protocol:: The protocol the daemon uses.
+@end menu
+
+@mansect commands
+
+@node Scdaemon Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Not that you can
+abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Not that you can abbreviate this command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Not that you can
+abbreviate this command.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}. This is
+default mode is to create a socket and listen for commands there.
+
+@item --multi-server
+@opindex multi-server
+Run in server mode and wait for commands on the @code{stdin} as well as
+on an additional Unix Domain socket. The server command @code{GETINFO}
+may be used to get the name of that extra socket.
+
+@item --daemon
+@opindex daemon
+Run the program in the background. This option is required to prevent
+it from being accidentally running in the background.
+
+@end table
+
+
+@mansect options
+
+@node Scdaemon Options
+@section Option Summary
+
+@table @gnupgtabopt
+
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{scdaemon.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@quotation Note
+All debugging options are subject to change and thus should not be used
+by any application program. As the name says, they are only used as
+helpers to debug problems.
+@end quotation
+
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change at
+any time without notice. FLAGS are bit encoded and may be given in
+usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+command I/O
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol. See also option @option{--debug-assuan-log-cats}.
+@item 11 (2048)
+trace APDU I/O to the card. This may reveal sensitive data.
+@item 12 (4096)
+trace some card reader related function calls.
+@end table
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-wait @var{n}
+@opindex debug-wait
+When running in server mode, wait @var{n} seconds before entering the
+actual processing loop and print the pid. This gives time to attach a
+debugger.
+
+@item --debug-ccid-driver
+@opindex debug-wait
+Enable debug output from the included CCID driver for smartcards.
+Using this option twice will also enable some tracing of the T=1
+protocol. Note that this option may reveal sensitive data.
+
+@item --debug-disable-ticker
+@opindex debug-disable-ticker
+This option disables all ticker functions like checking for card
+insertions.
+
+@item --debug-allow-core-dump
+@opindex debug-allow-core-dump
+For security reasons we won't create a core dump when the process
+aborts. For debugging purposes it is sometimes better to allow core
+dump. This options enables it and also changes the working directory to
+@file{/tmp} when running in @option{--server} mode.
+
+@item --debug-log-tid
+@opindex debug-log-tid
+This option appends a thread ID to the PID in the log output.
+
+@item --debug-assuan-log-cats @var{cats}
+@opindex debug-assuan-log-cats
+Changes the active Libassuan logging categories to @var{cats}. The
+value for @var{cats} is an unsigned integer given in usual C-Syntax.
+A value of of 0 switches to a default category. If this option is not
+used the categories are taken from the environment variable
+@samp{ASSUAN_DEBUG}. Note that this option has only an effect if the
+Assuan debug flag has also been with the option @option{--debug}. For
+a list of categories see the Libassuan manual.
+
+@item --no-detach
+@opindex no-detach
+Don't detach the process from the console. This is mainly useful for
+debugging.
+
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. This is very helpful in
+seeing what the agent actually does.
+
+
+@item --pcsc-driver @var{library}
+@opindex pcsc-driver
+Use @var{library} to access the smartcard reader. The current default
+is @file{libpcsclite.so}. Instead of using this option you might also
+want to install a symbolic link to the default file name
+(e.g. from @file{libpcsclite.so.1}).
+
+@item --ctapi-driver @var{library}
+@opindex ctapi-driver
+Use @var{library} to access the smartcard reader. The current default
+is @file{libtowitoko.so}. Note that the use of this interface is
+deprecated; it may be removed in future releases.
+
+@item --disable-ccid
+@opindex disable-ccid
+Disable the integrated support for CCID compliant readers. This
+allows to fall back to one of the other drivers even if the internal
+CCID driver can handle the reader. Note, that CCID support is only
+available if libusb was available at build time.
+
+@item --reader-port @var{number_or_string}
+@opindex reader-port
+This option may be used to specify the port of the card terminal. A
+value of 0 refers to the first serial device; add 32768 to access USB
+devices. The default is 32768 (first USB device). PC/SC or CCID
+readers might need a string here; run the program in verbose mode to get
+a list of available readers. The default is then the first reader
+found.
+
+To get a list of available CCID readers you may use this command:
+@smallexample
+echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
+@end smallexample
+
+
+@item --card-timeout @var{n}
+@opindex card-timeout
+If @var{n} is not 0 and no client is actively using the card, the card
+will be powered down after @var{n} seconds. Powering down the card
+avoids a potential risk of damaging a card when used with certain
+cheap readers. This also allows non Scdaemon aware applications to
+access the card. The disadvantage of using a card timeout is that
+accessing the card takes longer and that the user needs to enter the
+PIN again after the next power up.
+
+Note that with the current version of Scdaemon the card is powered
+down immediately at the next timer tick for any value of @var{n} other
+than 0.
+
+
+@item --disable-keypad
+@opindex disable-keypad
+Even if a card reader features a keypad, do not try to use it.
+
+
+@item --deny-admin
+@opindex deny-admin
+@opindex allow-admin
+This option disables the use of admin class commands for card
+applications where this is supported. Currently we support it for the
+OpenPGP card. This commands is useful to inhibit accidental access to
+admin class command which could ultimately lock the card through wrong
+PIN numbers. Note that GnuPG versions older than 2.0.11 featured an
+@option{--allow-admin} command which was required to use such admin
+commands. This option has no more effect today because the default is
+now to allow admin commands.
+
+@item --disable-application @var{name}
+@opindex disable-application
+This option disables the use of the card application named
+@var{name}. This is mainly useful for debugging or if a application
+with lower priority should be used by default.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+
+@mansect card applications
+@node Card applications
+@section Description of card applications
+
+@command{scdaemon} supports the card applications as described below.
+
+@menu
+* OpenPGP Card:: The OpenPGP card application
+* NKS Card:: The Telesec NetKey card application
+* DINSIG Card:: The DINSIG card application
+* PKCS#15 Card:: The PKCS#15 card application
+* Geldkarte Card:: The Geldkarte application
+* Undefined Card:: The Undefined stub application
+@end menu
+
+@node OpenPGP Card
+@subsection The OpenPGP card application ``openpgp''
+
+This application is currently only used by @command{gpg} but may in
+future also be useful with @command{gpgsm}. Version 1 and version 2 of
+the card is supported.
+
+The specifications for these cards are available at
+@uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and
+@uref{http://g10code.com/docs/openpgp-card-2.0.pdf}.
+
+@node NKS Card
+@subsection The Telesec NetKey card ``nks''
+
+This is the main application of the Telesec cards as available in
+Germany. It is a superset of the German DINSIG card. The card is
+used by @command{gpgsm}.
+
+@node DINSIG Card
+@subsection The DINSIG card application ``dinsig''
+
+This is an application as described in the German draft standard
+@emph{DIN V 66291-1}. It is intended to be used by cards supporting
+the German signature law and its bylaws (SigG and SigV).
+
+@node PKCS#15 Card
+@subsection The PKCS#15 card application ``p15''
+
+This is common framework for smart card applications. It is used by
+@command{gpgsm}.
+
+@node Geldkarte Card
+@subsection The Geldkarte card application ``geldkarte''
+
+This is a simple application to display information of a German
+Geldkarte. The Geldkarte is a small amount debit card application which
+comes with almost all German banking cards.
+
+@node Undefined Card
+@subsection The Undefined card application ``undefined''
+
+This is a stub application to allow the use of the APDU command even
+if no supported application is found on the card. This application is
+not used automatically but must be explicitly requested using the
+SERIALNO command.
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node Scdaemon Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{scdaemons}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+@item scdaemon.conf
+@cindex scdaemon.conf
+This is the standard configuration file read by @command{scdaemon} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+name may be changed on the command line (@pxref{option --options}).
+
+@item scd-event
+@cindex scd-event
+If this file is present and executable, it will be called on veyer card
+reader's status changed. An example of this script is provided with the
+distribution
+
+@item reader_@var{n}.status
+This file is created by @command{sdaemon} to let other applications now
+about reader status changes. Its use is now deprecated in favor of
+@file{scd-event}.
+
+@end table
+
+
+@c
+@c Examples
+@c
+@mansect examples
+@node Scdaemon Examples
+@section Examples
+
+@c man begin EXAMPLES
+
+@example
+$ scdaemon --server -v
+@end example
+
+@c man end
+
+@c
+@c Assuan Protocol
+@c
+@manpause
+@node Scdaemon Protocol
+@section Scdaemon's Assuan Protocol
+
+The SC-Daemon should be started by the system to provide access to
+external tokens. Using Smartcards on a multi-user system does not
+make much sense expect for system services, but in this case no
+regular user accounts are hosted on the machine.
+
+A client connects to the SC-Daemon by connecting to the socket named
+@file{/var/run/scdaemon/socket}, configuration information is read from
+@var{/etc/scdaemon.conf}
+
+Each connection acts as one session, SC-Daemon takes care of
+synchronizing access to a token between sessions.
+
+@menu
+* Scdaemon SERIALNO:: Return the serial number.
+* Scdaemon LEARN:: Read all useful information from the card.
+* Scdaemon READCERT:: Return a certificate.
+* Scdaemon READKEY:: Return a public key.
+* Scdaemon PKSIGN:: Signing data with a Smartcard.
+* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
+* Scdaemon GETATTR:: Read an attribute's value.
+* Scdaemon SETATTR:: Update an attribute's value.
+* Scdaemon WRITEKEY:: Write a key to a card.
+* Scdaemon GENKEY:: Generate a new key on-card.
+* Scdaemon RANDOM:: Return random bytes generate on-card.
+* Scdaemon PASSWD:: Change PINs.
+* Scdaemon CHECKPIN:: Perform a VERIFY operation.
+* Scdaemon RESTART:: Restart connection
+* Scdaemon APDU:: Send a verbatim APDU to the card
+@end menu
+
+@node Scdaemon SERIALNO
+@subsection Return the serial number
+
+This command should be used to check for the presence of a card. It is
+special in that it can be used to reset the card. Most other commands
+will return an error when a card change has been detected and the use of
+this function is therefore required.
+
+Background: We want to keep the client clear of handling card changes
+between operations; i.e. the client can assume that all operations are
+done on the same card unless he call this function.
+
+@example
+ SERIALNO
+@end example
+
+Return the serial number of the card using a status response like:
+
+@example
+ S SERIALNO D27600000000000000000000 0
+@end example
+
+The trailing 0 should be ignored for now, it is reserved for a future
+extension. The serial number is the hex encoded value identified by
+the @code{0x5A} tag in the GDO file (FIX=0x2F02).
+
+
+
+@node Scdaemon LEARN
+@subsection Read all useful information from the card
+
+@example
+ LEARN [--force]
+@end example
+
+Learn all useful information of the currently inserted card. When
+used without the force options, the command might do an INQUIRE
+like this:
+
+@example
+ INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
+@end example
+
+The client should just send an @code{END} if the processing should go on
+or a @code{CANCEL} to force the function to terminate with a cancel
+error message. The response of this command is a list of status lines
+formatted as this:
+
+@example
+ S KEYPAIRINFO @var{hexstring_with_keygrip} @var{hexstring_with_id}
+@end example
+
+If there is no certificate yet stored on the card a single "X" is
+returned in @var{hexstring_with_keygrip}.
+
+@node Scdaemon READCERT
+@subsection Return a certificate
+
+@example
+ READCERT @var{hexified_certid}|@var{keyid}
+@end example
+
+This function is used to read a certificate identified by
+@var{hexified_certid} from the card. With OpenPGP cards the keyid
+@code{OpenPGP.3} may be used to rad the certificate of version 2 cards.
+
+
+@node Scdaemon READKEY
+@subsection Return a public key
+
+@example
+READKEY @var{hexified_certid}
+@end example
+
+Return the public key for the given cert or key ID as an standard
+S-Expression.
+
+
+
+@node Scdaemon PKSIGN
+@subsection Signing data with a Smartcard
+
+To sign some data the caller should use the command
+
+@example
+ SETDATA @var{hexstring}
+@end example
+
+to tell @command{scdaemon} about the data to be signed. The data must be given in
+hex notation. The actual signing is done using the command
+
+@example
+ PKSIGN @var{keyid}
+@end example
+
+where @var{keyid} is the hexified ID of the key to be used. The key id
+may have been retrieved using the command @code{LEARN}. If another
+hash algorithm than SHA-1 is used, that algorithm may be given like:
+
+@example
+ PKSIGN --hash=@var{algoname} @var{keyid}
+@end example
+
+With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}.
+
+
+@node Scdaemon PKDECRYPT
+@subsection Decrypting data with a Smartcard
+
+To decrypt some data the caller should use the command
+
+@example
+ SETDATA @var{hexstring}
+@end example
+
+to tell @command{scdaemon} about the data to be decrypted. The data
+must be given in hex notation. The actual decryption is then done
+using the command
+
+@example
+ PKDECRYPT @var{keyid}
+@end example
+
+where @var{keyid} is the hexified ID of the key to be used.
+
+
+@node Scdaemon GETATTR
+@subsection Read an attribute's value.
+
+TO BE WRITTEN.
+
+@node Scdaemon SETATTR
+@subsection Update an attribute's value.
+
+TO BE WRITTEN.
+
+@node Scdaemon WRITEKEY
+@subsection Write a key to a card.
+
+@example
+ WRITEKEY [--force] @var{keyid}
+@end example
+
+This command is used to store a secret key on a smartcard. The
+allowed keyids depend on the currently selected smartcard
+application. The actual keydata is requested using the inquiry
+@code{KEYDATA} and need to be provided without any protection. With
+@option{--force} set an existing key under this @var{keyid} will get
+overwritten. The key data is expected to be the usual canonical encoded
+S-expression.
+
+A PIN will be requested in most cases. This however depends on the
+actual card application.
+
+
+@node Scdaemon GENKEY
+@subsection Generate a new key on-card.
+
+TO BE WRITTEN.
+
+@node Scdaemon RANDOM
+@subsection Return random bytes generate on-card.
+
+TO BE WRITTEN.
+
+
+@node Scdaemon PASSWD
+@subsection Change PINs.
+
+@example
+ PASSWD [--reset] [--nullpin] @var{chvno}
+@end example
+
+Change the PIN or reset the retry counter of the card holder
+verification vector number @var{chvno}. The option @option{--nullpin}
+is used to initialize the PIN of TCOS cards (6 byte NullPIN only).
+
+
+@node Scdaemon CHECKPIN
+@subsection Perform a VERIFY operation.
+
+@example
+ CHECKPIN @var{idstr}
+@end example
+
+Perform a VERIFY operation without doing anything else. This may be
+used to initialize a the PIN cache earlier to long lasting
+operations. Its use is highly application dependent:
+
+@table @strong
+@item OpenPGP
+
+Perform a simple verify operation for CHV1 and CHV2, so that further
+operations won't ask for CHV2 and it is possible to do a cheap check on
+the PIN: If there is something wrong with the PIN entry system, only the
+regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
+the usual card's serial number in hex notation; an optional fingerprint
+part will get ignored.
+
+There is however a special mode if @var{idstr} is suffixed with the
+literal string @code{[CHV3]}: In this case the Admin PIN is checked if
+and only if the retry counter is still at 3.
+
+@end table
+
+
+
+@node Scdaemon RESTART
+@subsection Perform a RESTART operation.
+
+@example
+ RESTART
+@end example
+
+Restart the current connection; this is a kind of warm reset. It
+deletes the context used by this connection but does not actually
+reset the card.
+
+This is used by gpg-agent to reuse a primary pipe connection and
+may be used by clients to backup from a conflict in the serial
+command; i.e. to select another application.
+
+
+
+
+@node Scdaemon APDU
+@subsection Send a verbatim APDU to the card.
+
+@example
+ APDU [--atr] [--more] [--exlen[=@var{n}]] [@var{hexstring}]
+@end example
+
+
+Send an APDU to the current reader. This command bypasses the high
+level functions and sends the data directly to the card.
+@var{hexstring} is expected to be a proper APDU. If @var{hexstring} is
+not given no commands are send to the card; However the command will
+implicitly check whether the card is ready for use.
+
+Using the option @code{--atr} returns the ATR of the card as a status
+message before any data like this:
+@example
+ S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
+@end example
+
+Using the option @code{--more} handles the card status word MORE_DATA
+(61xx) and concatenate all responses to one block.
+
+Using the option @code{--exlen} the returned APDU may use extended
+length up to N bytes. If N is not given a default value is used
+(currently 4096).
+
+
+
+@mansect see also
+@ifset isman
+@command{gpg-agent}(1),
+@command{gpgsm}(1),
+@command{gpg2}(1)
+@end ifset
+@include see-also-note.texi
+
diff --git a/doc/see-also-note.texi b/doc/see-also-note.texi
new file mode 100644
index 0000000..b18efc3
--- /dev/null
+++ b/doc/see-also-note.texi
@@ -0,0 +1,14 @@
+@c We append this note to all ``see also'' sections of the man pages
+
+@ifset isman
+The full documentation for this tool is maintained as a Texinfo manual.
+If GnuPG and the info program are properly installed at your site, the
+command
+
+@example
+info gnupg
+@end example
+
+should give you access to the complete manual including a menu structure
+and an index.
+@end ifset
diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi
new file mode 100644
index 0000000..7d23ed8
--- /dev/null
+++ b/doc/specify-user-id.texi
@@ -0,0 +1,171 @@
+@c Include file to allow for different placements in man pages and the manual
+
+There are different ways to specify a user ID to GnuPG. Some of them
+are only valid for @command{gpg} others are only good for
+@command{gpgsm}. Here is the entire list of ways to specify a key:
+
+@itemize @bullet
+
+@item By key Id.
+This format is deduced from the length of the string and its content or
+@code{0x} prefix. The key Id of an X.509 certificate are the low 64 bits
+of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for
+all automated processing the fingerprint should be used.
+
+When using @command{gpg} an exclamation mark (!) may be appended to
+force using the specified primary or secondary key and not to try and
+calculate which primary or secondary key to use.
+
+The last four lines of the example give the key ID in their long form as
+internally used by the OpenPGP protocol. You can see the long key ID
+using the option @option{--with-colons}.
+
+@cartouche
+@example
+234567C4
+0F34E556E
+01347A56A
+0xAB123456
+
+234AABBCC34567C4
+0F323456784E56EAB
+01AB3FED1347A5612
+0x234AABBCC34567C4
+@end example
+@end cartouche
+
+
+
+@item By fingerprint.
+This format is deduced from the length of the string and its content or
+the @code{0x} prefix. Note, that only the 20 byte version fingerprint
+is available with @command{gpgsm} (i.e. the SHA-1 hash of the
+certificate).
+
+When using @command{gpg} an exclamation mark (!) may be appended to
+force using the specified primary or secondary key and not to try and
+calculate which primary or secondary key to use.
+
+The best way to specify a key Id is by using the fingerprint. This
+avoids any ambiguities in case that there are duplicated key IDs.
+
+@cartouche
+@example
+1234343434343434C434343434343434
+123434343434343C3434343434343734349A3434
+0E12343434343434343434EAB3484343434343434
+0xE12343434343434343434EAB3484343434343434
+@end example
+@end cartouche
+
+@noindent
+(@command{gpgsm} also accepts colons between each pair of hexadecimal
+digits because this is the de-facto standard on how to present X.509
+fingerprints.)
+
+@item By exact match on OpenPGP user ID.
+This is denoted by a leading equal sign. It does not make sense for
+X.509 certificates.
+
+@cartouche
+@example
+=Heinrich Heine <heinrichh@@uni-duesseldorf.de>
+@end example
+@end cartouche
+
+@item By exact match on an email address.
+This is indicated by enclosing the email address in the usual way
+with left and right angles.
+
+@cartouche
+@example
+<heinrichh@@uni-duesseldorf.de>
+@end example
+@end cartouche
+
+
+@item By word match.
+All words must match exactly (not case sensitive) but can appear in any
+order in the user ID or a subjects name. Words are any sequences of
+letters, digits, the underscore and all characters with bit 7 set.
+
+@cartouche
+@example
++Heinrich Heine duesseldorf
+@end example
+@end cartouche
+
+@item By exact match on the subject's DN.
+This is indicated by a leading slash, directly followed by the RFC-2253
+encoded DN of the subject. Note that you can't use the string printed
+by "gpgsm --list-keys" because that one as been reordered and modified
+for better readability; use --with-colons to print the raw (but standard
+escaped) RFC-2253 string
+
+@cartouche
+@example
+/CN=Heinrich Heine,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+@item By exact match on the issuer's DN.
+This is indicated by a leading hash mark, directly followed by a slash
+and then directly followed by the rfc2253 encoded DN of the issuer.
+This should return the Root cert of the issuer. See note above.
+
+@cartouche
+@example
+#/CN=Root Cert,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+
+@item By exact match on serial number and issuer's DN.
+This is indicated by a hash mark, followed by the hexadecimal
+representation of the serial number, then followed by a slash and the
+RFC-2253 encoded DN of the issuer. See note above.
+
+@cartouche
+@example
+#4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+@item By keygrip
+This is indicated by an ampersand followed by the 40 hex digits of a
+keygrip. @command{gpgsm} prints the keygrip when using the command
+@option{--dump-cert}. It does not yet work for OpenPGP keys.
+
+@cartouche
+@example
+&D75F22C3F86E355877348498CDC92BD21010A480
+@end example
+@end cartouche
+
+
+@item By substring match.
+This is the default mode but applications may want to explicitly
+indicate this by putting the asterisk in front. Match is not case
+sensitive.
+
+@cartouche
+@example
+Heine
+*Heine
+@end example
+@end cartouche
+
+@end itemize
+
+
+Please note that we have reused the hash mark identifier which was used
+in old GnuPG versions to indicate the so called local-id. It is not
+anymore used and there should be no conflict when used with X.509 stuff.
+
+Using the RFC-2253 format of DNs has the drawback that it is not
+possible to map them back to the original encoding, however we don't
+have to do this because our key database stores this encoding as meta
+data.
+
+
+
diff --git a/doc/stamp-vti b/doc/stamp-vti
new file mode 100644
index 0000000..8f6243a
--- /dev/null
+++ b/doc/stamp-vti
@@ -0,0 +1,4 @@
+@set UPDATED 27 March 2012
+@set UPDATED-MONTH March 2012
+@set EDITION 2.0.19
+@set VERSION 2.0.19
diff --git a/doc/sysnotes.texi b/doc/sysnotes.texi
new file mode 100644
index 0000000..a8cea87
--- /dev/null
+++ b/doc/sysnotes.texi
@@ -0,0 +1,86 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node System Notes
+@chapter Notes pertaining to certain OSes.
+
+GnuPG has been developed on GNU/Linux systems and is know to work on
+almost all Free OSes. All modern POSIX systems should be supported
+right now, however there are probably a lot of smaller glitches we need
+to fix first. The major problem areas are:
+
+@itemize
+@item
+For logging to sockets and other internal operations the
+@code{fopencookie} function (@code{funopen} under *BSD) is used. This
+is a very convenient function which makes it possible to create outputs in
+a structures and easy maintainable way. The drawback however is that
+most proprietary OSes don't support this function. At g10@tie{}Code we
+have looked into several ways on how to overcome this limitation but no
+sufficiently easy and maintainable way has been found. Porting
+@emph{glibc} to a general POSIX system is of course an option and would
+make writing portable software much easier; this it has not yet been
+done and the system administrator would need to cope with the GNU
+specific admin things in addition to the generic ones of his system.
+
+We have now settled to use explicit stdio wrappers with a functionality
+similar to funopen. Although the code for this has already been written
+(@emph{libestream}), we have not yet changed GnuPG to use it.
+
+This means that on systems not supporting either @code{funopen} or
+@code{fopencookie}, logging to a socket won't work, prompts are not
+formatted as pretty as they should be and @command{gpgsm}'s
+@code{LISTKEYS} Assuan command does not work.
+
+@item
+We are planning to use file descriptor passing for interprocess
+communication. This will allow us save a lot of resources and improve
+performance of certain operations a lot. Systems not supporting this
+won't gain these benefits but we try to keep them working the standard
+way as it is done today.
+
+@item
+We require more or less full POSIX compatibility. This has been
+around for 15 years now and thus we don't believe it makes sense to
+support non POSIX systems anymore. Well, we of course the usual
+workarounds for near POSIX systems well be applied.
+
+There is one exception of this rule: Systems based the Microsoft Windows
+API (called here @emph{W32}) will be supported to some extend.
+
+@end itemize
+
+
+@menu
+* W32 Notes:: Microsoft Windows Notes
+@end menu
+
+
+@node W32 Notes
+@section Microsoft Windows Notes
+
+@noindent
+Current limitations are:
+
+@itemize
+
+@item
+@command{gpgconf} does not create backup files, so in case of trouble
+your configuration file might get lost.
+
+@item
+@command{watchgnupg} is not available. Logging to sockets is not
+possible.
+
+@item
+The periodical smartcard status checking done by @command{scdaemon} is
+not yet supported.
+
+@end itemize
+
+
+
+
+
+
diff --git a/doc/texi.css b/doc/texi.css
new file mode 100644
index 0000000..a369abc
--- /dev/null
+++ b/doc/texi.css
@@ -0,0 +1,6 @@
+/* The gnupg.org standard stylesheet. */
+ @import url(/share/site.css);
+
+
+
+
diff --git a/doc/tools.texi b/doc/tools.texi
new file mode 100644
index 0000000..be1233b
--- /dev/null
+++ b/doc/tools.texi
@@ -0,0 +1,1899 @@
+@c Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@node Helper Tools
+@chapter Helper Tools
+
+GnuPG comes with a couple of smaller tools:
+
+@menu
+* watchgnupg:: Read logs from a socket.
+* gpgv:: Verify OpenPGP signatures.
+* addgnupghome:: Create .gnupg home directories.
+* gpgconf:: Modify .gnupg home directories.
+* applygnupgdefaults:: Run gpgconf for all users.
+* gpgsm-gencert.sh:: Generate an X.509 certificate request.
+* gpg-preset-passphrase:: Put a passphrase into the cache.
+* gpg-connect-agent:: Communicate with a running agent.
+@ifset gpgtwoone
+* dirmngr-client:: How to use the Dirmngr client tool.
+@end ifset
+* gpgparsemail:: Parse a mail message into an annotated format
+* symcryptrun:: Call a simple symmetric encryption tool.
+* gpg-zip:: Encrypt or sign files into an archive.
+@end menu
+
+@c
+@c WATCHGNUPG
+@c
+@manpage watchgnupg.1
+@node watchgnupg
+@section Read logs from a socket
+@ifset manverb
+.B watchgnupg
+\- Read and print logs from a socket
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B watchgnupg
+.RB [ \-\-force ]
+.RB [ \-\-verbose ]
+.I socketname
+@end ifset
+
+@mansect description
+Most of the main utilities are able to write their log files to a Unix
+Domain socket if configured that way. @command{watchgnupg} is a simple
+listener for such a socket. It ameliorates the output with a time stamp
+and makes sure that long lines are not interspersed with log output from
+other utilities. This tool is not available for Windows.
+
+
+@noindent
+@command{watchgnupg} is commonly invoked as
+
+@example
+watchgnupg --force ~/.gnupg/S.log
+@end example
+@manpause
+
+@noindent
+This starts it on the current terminal for listening on the socket
+@file{~/.gnupg/S.log}.
+
+@mansect options
+@noindent
+@command{watchgnupg} understands these options:
+
+@table @gnupgtabopt
+
+@item --force
+@opindex force
+Delete an already existing socket file.
+
+@anchor{option watchgnupg --tcp}
+@item --tcp @var{n}
+Instead of reading from a local socket, listen for connects on TCP port
+@var{n}.
+
+@item --verbose
+@opindex verbose
+Enable extra informational output.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@end table
+
+@noindent
+@mansect examples
+@chapheading Examples
+
+@example
+$ watchgnupg --force /home/foo/.gnupg/S.log
+@end example
+
+This waits for connections on the local socket
+@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
+work the option @option{log-file} needs to be used with all modules
+which logs are to be shown. The value for that option must be given
+with a special prefix (e.g. in the conf file):
+
+@example
+log-file socket:///home/foo/.gnupg/S.log
+@end example
+
+For debugging purposes it is also possible to do remote logging. Take
+care if you use this feature because the information is send in the
+clear over the network. Use this syntax in the conf files:
+
+@example
+log-file tcp://192.168.1.1:4711
+@end example
+
+You may use any port and not just 4711 as shown above; only IP addresses
+are supported (v4 and v6) and no host names. You need to start
+@command{watchgnupg} with the @option{tcp} option. Note that under
+Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
+can be used to change the default log output from @code{stderr} to
+whatever is given by that entry. However the only useful entry is a TCP
+name for remote debugging.
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+@c
+@c GPGV
+@c
+@include gpgv.texi
+
+
+@c
+@c ADDGNUPGHOME
+@c
+@manpage addgnupghome.8
+@node addgnupghome
+@section Create .gnupg home directories.
+@ifset manverb
+.B addgnupghome
+\- Create .gnupg home directories
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B addgnupghome
+.I account_1
+.IR account_2 ... account_n
+@end ifset
+
+@mansect description
+If GnuPG is installed on a system with existing user accounts, it is
+sometimes required to populate the GnuPG home directory with existing
+files. Especially a @file{trustlist.txt} and a keybox with some
+initial certificates are often desired. This scripts help to do this
+by copying all files from @file{/etc/skel/.gnupg} to the home
+directories of the accounts given on the command line. It takes care
+not to overwrite existing GnuPG home directories.
+
+@noindent
+@command{addgnupghome} is invoked by root as:
+
+@example
+addgnupghome account1 account2 ... accountn
+@end example
+
+
+@c
+@c GPGCONF
+@c
+@manpage gpgconf.1
+@node gpgconf
+@section Modify .gnupg home directories.
+@ifset manverb
+.B gpgconf
+\- Modify .gnupg home directories
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgconf
+.RI [ options ]
+.B \-\-list-components
+.br
+.B gpgconf
+.RI [ options ]
+.B \-\-list-options
+.I component
+.br
+.B gpgconf
+.RI [ options ]
+.B \-\-change-options
+.I component
+@end ifset
+
+
+@mansect description
+The @command{gpgconf} is a utility to automatically and reasonable
+safely query and modify configuration files in the @file{.gnupg} home
+directory. It is designed not to be invoked manually by the user, but
+automatically by graphical user interfaces (GUI).@footnote{Please note
+that currently no locking is done, so concurrent access should be
+avoided. There are some precautions to avoid corruption with
+concurrent usage, but results may be inconsistent and some changes may
+get lost. The stateless design makes it difficult to provide more
+guarantees.}
+
+@command{gpgconf} provides access to the configuration of one or more
+components of the GnuPG system. These components correspond more or
+less to the programs that exist in the GnuPG framework, like GnuPG,
+GPGSM, DirMngr, etc. But this is not a strict one-to-one
+relationship. Not all configuration options are available through
+@command{gpgconf}. @command{gpgconf} provides a generic and abstract
+method to access the most important configuration options that can
+feasibly be controlled via such a mechanism.
+
+@command{gpgconf} can be used to gather and change the options
+available in each component, and can also provide their default
+values. @command{gpgconf} will give detailed type information that
+can be used to restrict the user's input without making an attempt to
+commit the changes.
+
+@command{gpgconf} provides the backend of a configuration editor. The
+configuration editor would usually be a graphical user interface
+program, that allows to display the current options, their default
+values, and allows the user to make changes to the options. These
+changes can then be made active with @command{gpgconf} again. Such a
+program that uses @command{gpgconf} in this way will be called GUI
+throughout this section.
+
+@menu
+* Invoking gpgconf:: List of all commands and options.
+* Format conventions:: Formatting conventions relevant for all commands.
+* Listing components:: List all gpgconf components.
+* Checking programs:: Check all programs know to gpgconf.
+* Listing options:: List all options of a component.
+* Changing options:: Changing options of a component.
+* Listing global options:: List all global options.
+* Files used by gpgconf:: What files are used by gpgconf.
+@end menu
+
+@manpause
+@node Invoking gpgconf
+@subsection Invoking gpgconf
+
+@mansect commands
+One of the following commands must be given:
+
+@table @gnupgtabopt
+
+@item --list-components
+List all components. This is the default command used if none is
+specified.
+
+@item --check-programs
+List all available backend programs and test whether they are runnable.
+
+@item --list-options @var{component}
+List all options of the component @var{component}.
+
+@item --change-options @var{component}
+Change the options of the component @var{component}.
+
+@item --check-options @var{component}
+Check the options for the component @var{component}.
+
+@item --apply-defaults
+Update all configuration files with values taken from the global
+configuration file (usually @file{/etc/gnupg/gpgconf.conf}).
+
+@item --list-dirs
+Lists the directories used by @command{gpgconf}. One directory is
+listed per line, and each line consists of a colon-separated list where
+the first field names the directory type (for example @code{sysconfdir})
+and the second field contains the percent-escaped directory. Although
+they are not directories, the socket file names used by
+@command{gpg-agent} and @command{dirmngr} are printed as well. Note
+that the socket file names and the @code{homedir} lines are the default
+names and they may be overridden by command line switches.
+
+@item --list-config [@var{filename}]
+List the global configuration file in a colon separated format. If
+@var{filename} is given, check that file instead.
+
+@item --check-config [@var{filename}]
+Run a syntax check on the global configuration file. If @var{filename}
+is given, check that file instead.
+
+@item --reload [@var{component}]
+@opindex reload
+Reload all or the given component. This is basically the same as sending
+a SIGHUP to the component. Components which don't support reloading are
+ignored.
+
+@item --kill [@var{component}]
+@opindex kill
+Kill the given component. Components which support killing are
+gpg-agent and scdaemon. Components which don't support reloading are
+ignored. Note that as of now reload and kill have the same effect for
+scdaemon.
+
+@end table
+
+
+@mansect options
+
+The following options may be used:
+
+@table @gnupgtabopt
+@c FIXME: Not yet supported.
+@c @item -o @var{file}
+@c @itemx --output @var{file}
+@c Use @var{file} as output file.
+
+@item -v
+@itemx --verbose
+Outputs additional information while running. Specifically, this
+extends numerical field values by human-readable descriptions.
+
+@item -n
+@itemx --dry-run
+Do not actually change anything. This is currently only implemented
+for @code{--change-options} and can be used for testing purposes.
+
+@item -r
+@itemx --runtime
+Only used together with @code{--change-options}. If one of the
+modified options can be changed in a running daemon process, signal
+the running daemon to ask it to reparse its configuration file after
+changing.
+
+This means that the changes will take effect at run-time, as far as
+this is possible. Otherwise, they will take effect at the next start
+of the respective backend programs.
+@manpause
+@end table
+
+
+@node Format conventions
+@subsection Format conventions
+
+Some lines in the output of @command{gpgconf} contain a list of
+colon-separated fields. The following conventions apply:
+
+@itemize @bullet
+@item
+The GUI program is required to strip off trailing newline and/or
+carriage return characters from the output.
+
+@item
+@command{gpgconf} will never leave out fields. If a certain version
+provides a certain field, this field will always be present in all
+@command{gpgconf} versions from that time on.
+
+@item
+Future versions of @command{gpgconf} might append fields to the list.
+New fields will always be separated from the previously last field by
+a colon separator. The GUI should be prepared to parse the last field
+it knows about up until a colon or end of line.
+
+@item
+Not all fields are defined under all conditions. You are required to
+ignore the content of undefined fields.
+@end itemize
+
+There are several standard types for the content of a field:
+
+@table @asis
+@item verbatim
+Some fields contain strings that are not escaped in any way. Such
+fields are described to be used @emph{verbatim}. These fields will
+never contain a colon character (for obvious reasons). No de-escaping
+or other formatting is required to use the field content. This is for
+easy parsing of the output, when it is known that the content can
+never contain any special characters.
+
+@item percent-escaped
+Some fields contain strings that are described to be
+@emph{percent-escaped}. Such strings need to be de-escaped before
+their content can be presented to the user. A percent-escaped string
+is de-escaped by replacing all occurrences of @code{%XY} by the byte
+that has the hexadecimal value @code{XY}. @code{X} and @code{Y} are
+from the set @code{0-9a-f}.
+
+@item localised
+Some fields contain strings that are described to be @emph{localised}.
+Such strings are translated to the active language and formatted in
+the active character set.
+
+@item @w{unsigned number}
+Some fields contain an @emph{unsigned number}. This number will
+always fit into a 32-bit unsigned integer variable. The number may be
+followed by a space, followed by a human readable description of that
+value (if the verbose option is used). You should ignore everything
+in the field that follows the number.
+
+@item @w{signed number}
+Some fields contain a @emph{signed number}. This number will always
+fit into a 32-bit signed integer variable. The number may be followed
+by a space, followed by a human readable description of that value (if
+the verbose option is used). You should ignore everything in the
+field that follows the number.
+
+@item @w{boolean value}
+Some fields contain a @emph{boolean value}. This is a number with
+either the value 0 or 1. The number may be followed by a space,
+followed by a human readable description of that value (if the verbose
+option is used). You should ignore everything in the field that follows
+the number; checking just the first character is sufficient in this
+case.
+
+@item option
+Some fields contain an @emph{option} argument. The format of an
+option argument depends on the type of the option and on some flags:
+
+@table @asis
+@item no argument
+The simplest case is that the option does not take an argument at all
+(@var{type} @code{0}). Then the option argument is an unsigned number
+that specifies how often the option occurs. If the @code{list} flag
+is not set, then the only valid number is @code{1}. Options that do
+not take an argument never have the @code{default} or @code{optional
+arg} flag set.
+
+@item number
+If the option takes a number argument (@var{alt-type} is @code{2} or
+@code{3}), and it can only occur once (@code{list} flag is not set),
+then the option argument is either empty (only allowed if the argument
+is optional), or it is a number. A number is a string that begins
+with an optional minus character, followed by one or more digits. The
+number must fit into an integer variable (unsigned or signed,
+depending on @var{alt-type}).
+
+@item number list
+If the option takes a number argument and it can occur more than once,
+then the option argument is either empty, or it is a comma-separated
+list of numbers as described above.
+
+@item string
+If the option takes a string argument (@var{alt-type} is 1), and it
+can only occur once (@code{list} flag is not set) then the option
+argument is either empty (only allowed if the argument is optional),
+or it starts with a double quote character (@code{"}) followed by a
+percent-escaped string that is the argument value. Note that there is
+only a leading double quote character, no trailing one. The double
+quote character is only needed to be able to differentiate between no
+value and the empty string as value.
+
+@item string list
+If the option takes a number argument and it can occur more than once,
+then the option argument is either empty, or it is a comma-separated
+list of string arguments as described above.
+@end table
+@end table
+
+The active language and character set are currently determined from
+the locale environment of the @command{gpgconf} program.
+
+@c FIXME: Document the active language and active character set. Allow
+@c to change it via the command line?
+
+
+@mansect usage
+@node Listing components
+@subsection Listing components
+
+The command @code{--list-components} will list all components that can
+be configured with @command{gpgconf}. Usually, one component will
+correspond to one GnuPG-related program and contain the options of
+that programs configuration file that can be modified using
+@command{gpgconf}. However, this is not necessarily the case. A
+component might also be a group of selected options from several
+programs, or contain entirely virtual options that have a special
+effect rather than changing exactly one option in one configuration
+file.
+
+A component is a set of configuration options that semantically belong
+together. Furthermore, several changes to a component can be made in
+an atomic way with a single operation. The GUI could for example
+provide a menu with one entry for each component, or a window with one
+tabulator sheet per component.
+
+The command argument @code{--list-components} lists all available
+components, one per line. The format of each line is:
+
+@code{@var{name}:@var{description}:@var{pgmname}:}
+
+@table @var
+@item name
+This field contains a name tag of the component. The name tag is used
+to specify the component in all communication with @command{gpgconf}.
+The name tag is to be used @emph{verbatim}. It is thus not in any
+escaped format.
+
+@item description
+The @emph{string} in this field contains a human-readable description
+of the component. It can be displayed to the user of the GUI for
+informational purposes. It is @emph{percent-escaped} and
+@emph{localized}.
+
+@item pgmname
+The @emph{string} in this field contains the absolute name of the
+program's file. It can be used to unambiguously invoke that program.
+It is @emph{percent-escaped}.
+@end table
+
+Example:
+@example
+$ gpgconf --list-components
+gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
+gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
+scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
+gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
+dirmngr:Directory Manager:/usr/local/bin/dirmngr:
+@end example
+
+
+
+@node Checking programs
+@subsection Checking programs
+
+The command @code{--check-programs} is similar to
+@code{--list-components} but works on backend programs and not on
+components. It runs each program to test whether it is installed and
+runnable. This also includes a syntax check of all config file options
+of the program.
+
+The command argument @code{--check-programs} lists all available
+programs, one per line. The format of each line is:
+
+@code{@var{name}:@var{description}:@var{pgmname}:@var{avail}:@var{okay}:@var{cfgfile}:@var{line}:@var{error}:}
+
+@table @var
+@item name
+This field contains a name tag of the program which is identical to the
+name of the component. The name tag is to be used @emph{verbatim}. It
+is thus not in any escaped format. This field may be empty to indicate
+a continuation of error descriptions for the last name. The description
+and pgmname fields are then also empty.
+
+@item description
+The @emph{string} in this field contains a human-readable description
+of the component. It can be displayed to the user of the GUI for
+informational purposes. It is @emph{percent-escaped} and
+@emph{localized}.
+
+@item pgmname
+The @emph{string} in this field contains the absolute name of the
+program's file. It can be used to unambiguously invoke that program.
+It is @emph{percent-escaped}.
+
+@item avail
+The @emph{boolean value} in this field indicates whether the program is
+installed and runnable.
+
+@item okay
+The @emph{boolean value} in this field indicates whether the program's
+config file is syntactically okay.
+
+@item cfgfile
+If an error occurred in the configuration file (as indicated by a false
+value in the field @code{okay}), this field has the name of the failing
+configuration file. It is @emph{percent-escaped}.
+
+@item line
+If an error occurred in the configuration file, this field has the line
+number of the failing statement in the configuration file.
+It is an @emph{unsigned number}.
+
+@item error
+If an error occurred in the configuration file, this field has the error
+text of the failing statement in the configuration file. It is
+@emph{percent-escaped} and @emph{localized}.
+
+@end table
+
+@noindent
+In the following example the @command{dirmngr} is not runnable and the
+configuration file of @command{scdaemon} is not okay.
+
+@example
+$ gpgconf --check-programs
+gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
+gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
+scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
+gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
+dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
+@end example
+
+@noindent
+The command @w{@code{--check-options @var{component}}} will verify the
+configuration file in the same manner as @code{--check-programs}, but
+only for the component @var{component}.
+
+
+@node Listing options
+@subsection Listing options
+
+Every component contains one or more options. Options may be gathered
+into option groups to allow the GUI to give visual hints to the user
+about which options are related.
+
+The command argument @code{@w{--list-options @var{component}}} lists
+all options (and the groups they belong to) in the component
+@var{component}, one per line. @var{component} must be the string in
+the field @var{name} in the output of the @code{--list-components}
+command.
+
+There is one line for each option and each group. First come all
+options that are not in any group. Then comes a line describing a
+group. Then come all options that belong into each group. Then comes
+the next group and so on. There does not need to be any group (and in
+this case the output will stop after the last non-grouped option).
+
+The format of each line is:
+
+@code{@var{name}:@var{flags}:@var{level}:@var{description}:@var{type}:@var{alt-type}:@var{argname}:@var{default}:@var{argdef}:@var{value}}
+
+@table @var
+@item name
+This field contains a name tag for the group or option. The name tag
+is used to specify the group or option in all communication with
+@command{gpgconf}. The name tag is to be used @emph{verbatim}. It is
+thus not in any escaped format.
+
+@item flags
+The flags field contains an @emph{unsigned number}. Its value is the
+OR-wise combination of the following flag values:
+
+@table @code
+@item group (1)
+If this flag is set, this is a line describing a group and not an
+option.
+@end table
+
+The following flag values are only defined for options (that is, if
+the @code{group} flag is not used).
+
+@table @code
+@item optional arg (2)
+If this flag is set, the argument is optional. This is never set for
+@var{type} @code{0} (none) options.
+
+@item list (4)
+If this flag is set, the option can be given multiple times.
+
+@item runtime (8)
+If this flag is set, the option can be changed at runtime.
+
+@item default (16)
+If this flag is set, a default value is available.
+
+@item default desc (32)
+If this flag is set, a (runtime) default is available. This and the
+@code{default} flag are mutually exclusive.
+
+@item no arg desc (64)
+If this flag is set, and the @code{optional arg} flag is set, then the
+option has a special meaning if no argument is given.
+
+@item no change (128)
+If this flag is set, gpgconf ignores requests to change the value. GUI
+frontends should grey out this option. Note, that manual changes of the
+configuration files are still possible.
+@end table
+
+@item level
+This field is defined for options and for groups. It contains an
+@emph{unsigned number} that specifies the expert level under which
+this group or option should be displayed. The following expert levels
+are defined for options (they have analogous meaning for groups):
+
+@table @code
+@item basic (0)
+This option should always be offered to the user.
+
+@item advanced (1)
+This option may be offered to advanced users.
+
+@item expert (2)
+This option should only be offered to expert users.
+
+@item invisible (3)
+This option should normally never be displayed, not even to expert
+users.
+
+@item internal (4)
+This option is for internal use only. Ignore it.
+@end table
+
+The level of a group will always be the lowest level of all options it
+contains.
+
+@item description
+This field is defined for options and groups. The @emph{string} in
+this field contains a human-readable description of the option or
+group. It can be displayed to the user of the GUI for informational
+purposes. It is @emph{percent-escaped} and @emph{localized}.
+
+@item type
+This field is only defined for options. It contains an @emph{unsigned
+number} that specifies the type of the option's argument, if any. The
+following types are defined:
+
+Basic types:
+
+@table @code
+@item none (0)
+No argument allowed.
+
+@item string (1)
+An @emph{unformatted string}.
+
+@item int32 (2)
+A @emph{signed number}.
+
+@item uint32 (3)
+An @emph{unsigned number}.
+@end table
+
+Complex types:
+
+@table @code
+@item pathname (32)
+A @emph{string} that describes the pathname of a file. The file does
+not necessarily need to exist.
+
+@item ldap server (33)
+A @emph{string} that describes an LDAP server in the format:
+
+@code{@var{hostname}:@var{port}:@var{username}:@var{password}:@var{base_dn}}
+
+@item key fingerprint (34)
+A @emph{string} with a 40 digit fingerprint specifying a certificate.
+
+@item pub key (35)
+A @emph{string} that describes a certificate by user ID, key ID or
+fingerprint.
+
+@item sec key (36)
+A @emph{string} that describes a certificate with a key by user ID,
+key ID or fingerprint.
+
+@item alias list (37)
+A @emph{string} that describes an alias list, like the one used with
+gpg's group option. The list consists of a key, an equal sign and space
+separated values.
+@end table
+
+More types will be added in the future. Please see the @var{alt-type}
+field for information on how to cope with unknown types.
+
+@item alt-type
+This field is identical to @var{type}, except that only the types
+@code{0} to @code{31} are allowed. The GUI is expected to present the
+user the option in the format specified by @var{type}. But if the
+argument type @var{type} is not supported by the GUI, it can still
+display the option in the more generic basic type @var{alt-type}. The
+GUI must support all the defined basic types to be able to display all
+options. More basic types may be added in future versions. If the
+GUI encounters a basic type it doesn't support, it should report an
+error and abort the operation.
+
+@item argname
+This field is only defined for options with an argument type
+@var{type} that is not @code{0}. In this case it may contain a
+@emph{percent-escaped} and @emph{localised string} that gives a short
+name for the argument. The field may also be empty, though, in which
+case a short name is not known.
+
+@item default
+This field is defined only for options for which the @code{default} or
+@code{default desc} flag is set. If the @code{default} flag is set,
+its format is that of an @emph{option argument} (@xref{Format
+conventions}, for details). If the default value is empty, then no
+default is known. Otherwise, the value specifies the default value
+for this option. If the @code{default desc} flag is set, the field is
+either empty or contains a description of the effect if the option is
+not given.
+
+@item argdef
+This field is defined only for options for which the @code{optional
+arg} flag is set. If the @code{no arg desc} flag is not set, its
+format is that of an @emph{option argument} (@xref{Format
+conventions}, for details). If the default value is empty, then no
+default is known. Otherwise, the value specifies the default argument
+for this option. If the @code{no arg desc} flag is set, the field is
+either empty or contains a description of the effect of this option if
+no argument is given.
+
+@item value
+This field is defined only for options. Its format is that of an
+@emph{option argument}. If it is empty, then the option is not
+explicitly set in the current configuration, and the default applies
+(if any). Otherwise, it contains the current value of the option.
+Note that this field is also meaningful if the option itself does not
+take a real argument (in this case, it contains the number of times
+the option appears).
+@end table
+
+
+@node Changing options
+@subsection Changing options
+
+The command @w{@code{--change-options @var{component}}} will attempt
+to change the options of the component @var{component} to the
+specified values. @var{component} must be the string in the field
+@var{name} in the output of the @code{--list-components} command. You
+have to provide the options that shall be changed in the following
+format on standard input:
+
+@code{@var{name}:@var{flags}:@var{new-value}}
+
+@table @var
+@item name
+This is the name of the option to change. @var{name} must be the
+string in the field @var{name} in the output of the
+@code{--list-options} command.
+
+@item flags
+The flags field contains an @emph{unsigned number}. Its value is the
+OR-wise combination of the following flag values:
+
+@table @code
+@item default (16)
+If this flag is set, the option is deleted and the default value is
+used instead (if applicable).
+@end table
+
+@item new-value
+The new value for the option. This field is only defined if the
+@code{default} flag is not set. The format is that of an @emph{option
+argument}. If it is empty (or the field is omitted), the default
+argument is used (only allowed if the argument is optional for this
+option). Otherwise, the option will be set to the specified value.
+@end table
+
+@noindent
+The output of the command is the same as that of
+@code{--check-options} for the modified configuration file.
+
+Examples:
+
+To set the force option, which is of basic type @code{none (0)}:
+
+@example
+$ echo 'force:0:1' | gpgconf --change-options dirmngr
+@end example
+
+To delete the force option:
+
+@example
+$ echo 'force:16:' | gpgconf --change-options dirmngr
+@end example
+
+The @code{--runtime} option can influence when the changes take
+effect.
+
+
+@node Listing global options
+@subsection Listing global options
+
+Sometimes it is useful for applications to look at the global options
+file @file{gpgconf.conf}.
+The colon separated listing format is record oriented and uses the first
+field to identify the record type:
+
+@table @code
+@item k
+This describes a key record to start the definition of a new ruleset for
+a user/group. The format of a key record is:
+
+ @code{k:@var{user}:@var{group}:}
+
+@table @var
+@item user
+This is the user field of the key. It is percent escaped. See the
+definition of the gpgconf.conf format for details.
+
+@item group
+This is the group field of the key. It is percent escaped.
+@end table
+
+@item r
+This describes a rule record. All rule records up to the next key record
+make up a rule set for that key. The format of a rule record is:
+
+ @code{r:::@var{component}:@var{option}:@var{flags}:@var{value}:}
+
+@table @var
+@item component
+This is the component part of a rule. It is a plain string.
+
+@item option
+This is the option part of a rule. It is a plain string.
+
+@item flag
+This is the flags part of a rule. There may be only one flag per rule
+but by using the same component and option, several flags may be
+assigned to an option. It is a plain string.
+
+@item value
+This is the optional value for the option. It is a percent escaped
+string with a single quotation mark to indicate a string. The quotation
+mark is only required to distinguish between no value specified and an
+empty string.
+@end table
+
+@end table
+
+@noindent
+Unknown record types should be ignored. Note that there is intentionally
+no feature to change the global option file through @command{gpgconf}.
+
+
+
+@mansect files
+@node Files used by gpgconf
+@subsection Files used by gpgconf
+
+@table @file
+
+@item /etc/gnupg/gpgconf.conf
+@cindex gpgconf.conf
+ If this file exists, it is processed as a global configuration file.
+ A commented example can be found in the @file{examples} directory of
+ the distribution.
+@end table
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1),
+@command{dirmngr}(1)
+@end ifset
+@include see-also-note.texi
+
+
+
+@c
+@c APPLYGNUPGDEFAULTS
+@c
+@manpage applygnupgdefaults.8
+@node applygnupgdefaults
+@section Run gpgconf for all users.
+@ifset manverb
+.B applygnupgdefaults
+\- Run gpgconf --apply-defaults for all users.
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B applygnupgdefaults
+@end ifset
+
+@mansect description
+This script is a wrapper around @command{gpgconf} to run it with the
+command @code{--apply-defaults} for all real users with an existing
+GnuPG home directory. Admins might want to use this script to update he
+GnuPG configuration files for all users after
+@file{/etc/gnupg/gpgconf.conf} has been changed. This allows to enforce
+certain policies for all users. Note, that this is not a bulletproof of
+forcing a user to use certain options. A user may always directly edit
+the configuration files and bypass gpgconf.
+
+@noindent
+@command{applygnupgdefaults} is invoked by root as:
+
+@example
+applygnupgdefaults
+@end example
+
+
+@c
+@c GPGSM-GENCERT.SH
+@c
+@node gpgsm-gencert.sh
+@section Generate an X.509 certificate request
+@manpage gpgsm-gencert.sh.1
+@ifset manverb
+.B gpgsm-gencert.sh
+\- Generate an X.509 certificate request
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgsm-gencert.sh
+@end ifset
+
+@mansect description
+This is a simple tool to interactively generate a certificate request
+which will be printed to stdout.
+
+@manpause
+@noindent
+@command{gpgsm-gencert.sh} is invoked as:
+
+@samp{gpgsm-cencert.sh}
+
+@mansect see also
+@ifset isman
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+
+@c
+@c GPG-PRESET-PASSPHRASE
+@c
+@node gpg-preset-passphrase
+@section Put a passphrase into the cache.
+@manpage gpg-preset-passphrase.1
+@ifset manverb
+.B gpg-preset-passphrase
+\- Put a passphrase into gpg-agent's cache
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-preset-passphrase
+.RI [ options ]
+.RI [ command ]
+.I cache-id
+@end ifset
+
+@mansect description
+The @command{gpg-preset-passphrase} is a utility to seed the internal
+cache of a running @command{gpg-agent} with passphrases. It is mainly
+useful for unattended machines, where the usual @command{pinentry} tool
+may not be used and the passphrases for the to be used keys are given at
+machine startup.
+
+Passphrases set with this utility don't expire unless the
+@option{--forget} option is used to explicitly clear them from the cache
+--- or @command{gpg-agent} is either restarted or reloaded (by sending a
+SIGHUP to it). It is necessary to allow this passphrase presetting by
+starting @command{gpg-agent} with the
+@option{--allow-preset-passphrase}.
+
+@menu
+* Invoking gpg-preset-passphrase:: List of all commands and options.
+@end menu
+
+@manpause
+@node Invoking gpg-preset-passphrase
+@subsection List of all commands and options.
+@mancont
+
+@noindent
+@command{gpg-preset-passphrase} is invoked this way:
+
+@example
+gpg-preset-passphrase [options] [command] @var{cacheid}
+@end example
+
+@var{cacheid} is either a 40 character keygrip of hexadecimal
+characters identifying the key for which the passphrase should be set
+or cleared. The keygrip is listed along with the key when running the
+command: @code{gpgsm --dump-secret-keys}. Alternatively an arbitrary
+string may be used to identify a passphrase; it is suggested that such
+a string is prefixed with the name of the application (e.g
+@code{foo:12346}).
+
+@noindent
+One of the following command options must be given:
+
+@table @gnupgtabopt
+@item --preset
+@opindex preset
+Preset a passphrase. This is what you usually will
+use. @command{gpg-preset-passphrase} will then read the passphrase from
+@code{stdin}.
+
+@item --forget
+@opindex forget
+Flush the passphrase for the given cache ID from the cache.
+
+@end table
+
+@noindent
+The following additional options may be used:
+
+@table @gnupgtabopt
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -P @var{string}
+@itemx --passphrase @var{string}
+@opindex passphrase
+Instead of reading the passphrase from @code{stdin}, use the supplied
+@var{string} as passphrase. Note that this makes the passphrase visible
+for other users.
+@end table
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+
+
+@c
+@c GPG-CONNECT-AGENT
+@c
+@node gpg-connect-agent
+@section Communicate with a running agent.
+@manpage gpg-connect-agent.1
+@ifset manverb
+.B gpg-connect-agent
+\- Communicate with a running agent
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-connect-agent
+.RI [ options ] [commands]
+@end ifset
+
+@mansect description
+The @command{gpg-connect-agent} is a utility to communicate with a
+running @command{gpg-agent}. It is useful to check out the commands
+gpg-agent provides using the Assuan interface. It might also be useful
+for scripting simple applications. Input is expected at stdin and out
+put gets printed to stdout.
+
+It is very similar to running @command{gpg-agent} in server mode; but
+here we connect to a running instance.
+
+@menu
+* Invoking gpg-connect-agent:: List of all options.
+* Controlling gpg-connect-agent:: Control commands.
+@end menu
+
+@manpause
+@node Invoking gpg-connect-agent
+@subsection List of all options.
+
+@noindent
+@command{gpg-connect-agent} is invoked this way:
+
+@example
+gpg-connect-agent [options] [commands]
+@end example
+@mancont
+
+@noindent
+The following options may be used:
+
+@table @gnupgtabopt
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -q
+@item --quiet
+@opindex q
+@opindex quiet
+Try to be as quiet as possible.
+
+@include opt-homedir.texi
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify the agent program to be started if none is running.
+
+
+@item -S
+@itemx --raw-socket @var{name}
+@opindex raw-socket
+Connect to socket @var{name} assuming this is an Assuan style server.
+Do not run any special initializations or environment checks. This may
+be used to directly connect to any Assuan style socket server.
+
+@item -E
+@itemx --exec
+@opindex exec
+Take the rest of the command line as a program and it's arguments and
+execute it as an assuan server. Here is how you would run @command{gpgsm}:
+@smallexample
+ gpg-connect-agent --exec gpgsm --server
+@end smallexample
+Note that you may not use options on the command line in this case.
+
+@item --no-ext-connect
+@opindex no-ext-connect
+When using @option{-S} or @option{--exec}, @command{gpg-connect-agent}
+connects to the assuan server in extended mode to allow descriptor
+passing. This option makes it use the old mode.
+
+@item --run @var{file}
+@opindex run
+Run the commands from @var{file} at startup and then continue with the
+regular input method. Note, that commands given on the command line are
+executed after this file.
+
+@item -s
+@itemx --subst
+@opindex subst
+Run the command @code{/subst} at startup.
+
+@item --hex
+@opindex hex
+Print data lines in a hex format and the ASCII representation of
+non-control characters.
+
+@item --decode
+@opindex decode
+Decode data lines. That is to remove percent escapes but make sure that
+a new line always starts with a D and a space.
+
+@end table
+
+@mansect control commands
+@node Controlling gpg-connect-agent
+@subsection Control commands.
+
+While reading Assuan commands, gpg-agent also allows a few special
+commands to control its operation. These control commands all start
+with a slash (@code{/}).
+
+@table @code
+
+@item /echo @var{args}
+Just print @var{args}.
+
+@item /let @var{name} @var{value}
+Set the variable @var{name} to @var{value}. Variables are only
+substituted on the input if the @command{/subst} has been used.
+Variables are referenced by prefixing the name with a dollar sign and
+optionally include the name in curly braces. The rules for a valid name
+are identically to those of the standard bourne shell. This is not yet
+enforced but may be in the future. When used with curly braces no
+leading or trailing white space is allowed.
+
+If a variable is not found, it is searched in the environment and if
+found copied to the table of variables.
+
+Variable functions are available: The name of the function must be
+followed by at least one space and the at least one argument. The
+following functions are available:
+
+@table @code
+@item get
+Return a value described by the argument. Available arguments are:
+
+@table @code
+@item cwd
+The current working directory.
+@item homedir
+The gnupg homedir.
+@item sysconfdir
+GnuPG's system configuration directory.
+@item bindir
+GnuPG's binary directory.
+@item libdir
+GnuPG's library directory.
+@item libexecdir
+GnuPG's library directory for executable files.
+@item datadir
+GnuPG's data directory.
+@item serverpid
+The PID of the current server. Command @command{/serverpid} must
+have been given to return a useful value.
+@end table
+
+@item unescape @var{args}
+Remove C-style escapes from @var{args}. Note that @code{\0} and
+@code{\x00} terminate the returned string implicitly. The string to be
+converted are the entire arguments right behind the delimiting space of
+the function name.
+
+@item unpercent @var{args}
+@itemx unpercent+ @var{args}
+Remove percent style escaping from @var{args}. Note that @code{%00}
+terminates the string implicitly. The string to be converted are the
+entire arguments right behind the delimiting space of the function
+name. @code{unpercent+} also maps plus signs to a spaces.
+
+@item percent @var{args}
+@itemx percent+ @var{args}
+Escape the @var{args} using percent style escaping. Tabs, formfeeds,
+linefeeds, carriage returns and colons are escaped. @code{percent+} also
+maps spaces to plus signs.
+
+@item errcode @var{arg}
+@itemx errsource @var{arg}
+@itemx errstring @var{arg}
+Assume @var{arg} is an integer and evaluate it using @code{strtol}. Return
+the gpg-error error code, error source or a formatted string with the
+error code and error source.
+
+
+@item +
+@itemx -
+@itemx *
+@itemx /
+@itemx %
+Evaluate all arguments as long integers using @code{strtol} and apply
+this operator. A division by zero yields an empty string.
+
+@item !
+@itemx |
+@itemx &
+Evaluate all arguments as long integers using @code{strtol} and apply
+the logical oeprators NOT, OR or AND. The NOT operator works on the
+last argument only.
+
+
+@end table
+
+
+@item /definq @var{name} @var{var}
+Use content of the variable @var{var} for inquiries with @var{name}.
+@var{name} may be an asterisk (@code{*}) to match any inquiry.
+
+
+@item /definqfile @var{name} @var{file}
+Use content of @var{file} for inquiries with @var{name}.
+@var{name} may be an asterisk (@code{*}) to match any inquiry.
+
+@item /definqprog @var{name} @var{prog}
+Run @var{prog} for inquiries matching @var{name} and pass the
+entire line to it as command line arguments.
+
+@item /datafile @var{name}
+Write all data lines from the server to the file @var{name}. The file
+is opened for writing and created if it does not exists. An existing
+file is first truncated to 0. The data written to the file fully
+decoded. Using a single dash for @var{name} writes to stdout. The
+file is kept open until a new file is set using this command or this
+command is used without an argument.
+
+@item /showdef
+Print all definitions
+
+@item /cleardef
+Delete all definitions
+
+@item /sendfd @var{file} @var{mode}
+Open @var{file} in @var{mode} (which needs to be a valid @code{fopen}
+mode string) and send the file descriptor to the server. This is
+usually followed by a command like @code{INPUT FD} to set the
+input source for other commands.
+
+@item /recvfd
+Not yet implemented.
+
+@item /open @var{var} @var{file} [@var{mode}]
+Open @var{file} and assign the file descriptor to @var{var}. Warning:
+This command is experimental and might change in future versions.
+
+@item /close @var{fd}
+Close the file descriptor @var{fd}. Warning: This command is
+experimental and might change in future versions.
+
+@item /showopen
+Show a list of open files.
+
+@item /serverpid
+Send the Assuan command @command{GETINFO pid} to the server and store
+the returned PID for internal purposes.
+
+@item /sleep
+Sleep for a second.
+
+@item /hex
+@itemx /nohex
+Same as the command line option @option{--hex}.
+
+@item /decode
+@itemx /nodecode
+Same as the command line option @option{--decode}.
+
+@item /subst
+@itemx /nosubst
+Enable and disable variable substitution. It defaults to disabled
+unless the command line option @option{--subst} has been used.
+If /subst as been enabled once, leading whitespace is removed from
+input lines which makes scripts easier to read.
+
+@item /while @var{condition}
+@itemx /end
+These commands provide a way for executing loops. All lines between
+the @code{while} and the corresponding @code{end} are executed as long
+as the evaluation of @var{condition} yields a non-zero value or is the
+string @code{true} or @code{yes}. The evaluation is done by passing
+@var{condition} to the @code{strtol} function. Example:
+
+@smallexample
+ /subst
+ /let i 3
+ /while $i
+ /echo loop couter is $i
+ /let i $@{- $i 1@}
+ /end
+@end smallexample
+
+@item /if @var{condition}
+@itemx /end
+These commands provide a way for conditional execution. All lines between
+the @code{if} and the corresponding @code{end} are executed only if
+the evaluation of @var{condition} yields a non-zero value or is the
+string @code{true} or @code{yes}. The evaluation is done by passing
+@var{condition} to the @code{strtol} function.
+
+@item /run @var{file}
+Run commands from @var{file}.
+
+@item /bye
+Terminate the connection and the program
+
+@item /help
+Print a list of available control commands.
+
+@end table
+
+
+@ifset isman
+@mansect see also
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@include see-also-note.texi
+@end ifset
+
+@ifset gpgtwoone
+@c
+@c DIRMNGR-CLIENT
+@c
+@node dirmngr-client
+@section The Dirmngr Client Tool
+
+@manpage dirmngr-client.1
+@ifset manverb
+.B dirmngr-client
+\- Tool to access the Dirmngr services
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B dirmngr-client
+.RI [ options ]
+.RI [ certfile | pattern ]
+@end ifset
+
+@mansect description
+The @command{dirmngr-client} is a simple tool to contact a running
+dirmngr and test whether a certificate has been revoked --- either by
+being listed in the corresponding CRL or by running the OCSP protocol.
+If no dirmngr is running, a new instances will be started but this is
+in general not a good idea due to the huge performance overhead.
+
+@noindent
+The usual way to run this tool is either:
+
+@example
+dirmngr-client @var{acert}
+@end example
+
+@noindent
+or
+
+@example
+dirmngr-client <@var{acert}
+@end example
+
+Where @var{acert} is one DER encoded (binary) X.509 certificates to be
+tested.
+@ifclear isman
+The return value of this command is
+@end ifclear
+
+@mansect return value
+@ifset isman
+@command{dirmngr-client} returns these values:
+@end ifset
+@table @code
+
+@item 0
+The certificate under question is valid; i.e. there is a valid CRL
+available and it is not listed tehre or teh OCSP request returned that
+that certificate is valid.
+
+@item 1
+The certificate has been revoked
+
+@item 2 (and other values)
+There was a problem checking the revocation state of the certificate.
+A message to stderr has given more detailed information. Most likely
+this is due to a missing or expired CRL or due to a network problem.
+
+@end table
+
+@mansect options
+@noindent
+@command{dirmngr-client} may be called with the following options:
+
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you cannot
+abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --quiet, -q
+@opindex quiet
+Make the output extra brief by suppressing any informational messages.
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @sc{dirmngr}, such as @samp{-vv}.
+
+@item --pem
+@opindex pem
+Assume that the given certificate is in PEM (armored) format.
+
+@item --ocsp
+@opindex ocsp
+Do the check using the OCSP protocol and ignore any CRLs.
+
+@item --force-default-responder
+@opindex force-default-responder
+When checking using the OCSP protocl, force the use of the default OCSP
+responder. That is not to use the Reponder as given by the certificate.
+
+@item --ping
+@opindex ping
+Check whether the dirmngr daemon is up and running.
+
+@item --cache-cert
+@opindex cache-cert
+Put the given certificate into the cache of a running dirmngr. This is
+mainly useful for debugging.
+
+@item --validate
+@opindex validate
+Validate the given certificate using dirmngr's internal validation code.
+This is mainly useful for debugging.
+
+@item --load-crl
+@opindex load-crl
+This command expects a list of filenames with DER encoded CRL files.
+With the option @option{--url} URLs are expected in place of filenames
+and they are loaded directly from the given location. All CRLs will be
+validated and then loaded into dirmngr's cache.
+
+@item --lookup
+@opindex lookup
+Take the remaining arguments and run a lookup command on each of them.
+The results are Base-64 encoded outputs (without header lines). This
+may be used to retrieve certificates from a server. However the output
+format is not very well suited if more than one certificate is returned.
+
+@item --url
+@itemx -u
+@opindex url
+Modify the @command{lookup} and @command{load-crl} commands to take an URL.
+
+@item --local
+@itemx -l
+@opindex url
+Let the @command{lookup} command only search the local cache.
+
+@item --squid-mode
+@opindex squid-mode
+Run @sc{dirmngr-client} in a mode suitable as a helper program for
+Squid's @option{external_acl_type} option.
+
+
+@end table
+
+@ifset isman
+@mansect see also
+@command{dirmngr}(8),
+@command{gpgsm}(1)
+@include see-also-note.texi
+@end ifset
+@end ifset
+
+@c
+@c GPGPARSEMAIL
+@c
+@node gpgparsemail
+@section Parse a mail message into an annotated format
+
+@manpage gpgparsemail.1
+@ifset manverb
+.B gpgparsemail
+\- Parse a mail message into an annotated format
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgparsemail
+.RI [ options ]
+.RI [ file ]
+@end ifset
+
+@mansect description
+The @command{gpgparsemail} is a utility currently only useful for
+debugging. Run it with @code{--help} for usage information.
+
+
+
+@c
+@c SYMCRYPTRUN
+@c
+@node symcryptrun
+@section Call a simple symmetric encryption tool.
+@manpage symcryptrun.1
+@ifset manverb
+.B symcryptrun
+\- Call a simple symmetric encryption tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B symcryptrun
+.B \-\-class
+.I class
+.B \-\-program
+.I program
+.B \-\-keyfile
+.I keyfile
+.RB [ --decrypt | --encrypt ]
+.RI [ inputfile ]
+@end ifset
+
+@mansect description
+Sometimes simple encryption tools are already in use for a long time and
+there might be a desire to integrate them into the GnuPG framework. The
+protocols and encryption methods might be non-standard or not even
+properly documented, so that a full-fledged encryption tool with an
+interface like gpg is not doable. @command{symcryptrun} provides a
+solution: It operates by calling the external encryption/decryption
+module and provides a passphrase for a key using the standard
+@command{pinentry} based mechanism through @command{gpg-agent}.
+
+Note, that @command{symcryptrun} is only available if GnuPG has been
+configured with @samp{--enable-symcryptrun} at build time.
+
+@menu
+* Invoking symcryptrun:: List of all commands and options.
+@end menu
+
+@manpause
+@node Invoking symcryptrun
+@subsection List of all commands and options.
+
+@noindent
+@command{symcryptrun} is invoked this way:
+
+@example
+symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE
+ [--decrypt | --encrypt] [inputfile]
+@end example
+@mancont
+
+For encryption, the plain text must be provided on STDIN or as the
+argument @var{inputfile}, and the ciphertext will be output to STDOUT.
+For decryption vice versa.
+
+@var{CLASS} describes the calling conventions of the external tool.
+Currently it must be given as @samp{confucius}. @var{PROGRAM} is
+the full filename of that external tool.
+
+For the class @samp{confucius} the option @option{--keyfile} is
+required; @var{keyfile} is the name of a file containing the secret key,
+which may be protected by a passphrase. For detailed calling
+conventions, see the source code.
+
+@noindent
+Note, that @command{gpg-agent} must be running before starting
+@command{symcryptrun}.
+
+@noindent
+The following additional options may be used:
+
+@table @gnupgtabopt
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -q
+@item --quiet
+@opindex q
+@opindex quiet
+Try to be as quiet as possible.
+
+@include opt-homedir.texi
+
+
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. Default is to write logging
+information to STDERR.
+
+@end table
+
+@noindent
+The possible exit status codes of @command{symcryptrun} are:
+
+@table @code
+@item 0
+ Success.
+@item 1
+ Some error occured.
+@item 2
+ No valid passphrase was provided.
+@item 3
+ The operation was canceled by the user.
+
+@end table
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@end ifset
+@include see-also-note.texi
+
+
+@c
+@c GPG-ZIP
+@c
+@c The original manpage on which this section is based was written
+@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert
+@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by
+@c others).
+@manpage gpg-zip.1
+@node gpg-zip
+@section Encrypt or sign files into an archive
+@ifset manverb
+.B gpg-zip \- Encrypt or sign files into an archive
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-zip
+.RI [ options ]
+.I filename1
+.I [ filename2, ... ]
+.I directory1
+.I [ directory2, ... ]
+@end ifset
+
+@mansect description
+@command{gpg-zip} encrypts or signs files into an archive. It is an
+gpg-ized tar using the same format as used by PGP's PGP Zip.
+
+@manpause
+@noindent
+@command{gpg-zip} is invoked this way:
+
+@example
+gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
+@end example
+
+@mansect options
+@noindent
+@command{gpg-zip} understands these options:
+
+@table @gnupgtabopt
+
+@item --encrypt
+@itemx -e
+@opindex encrypt
+Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase).
+
+@item --decrypt
+@itemx -d
+@opindex decrypt
+Decrypt data.
+
+@item --symmetric
+@itemx -c
+Encrypt with a symmetric cipher using a passphrase. The default
+symmetric cipher used is CAST5, but may be chosen with the
+@option{--cipher-algo} option to @command{gpg}.
+
+@item --sign
+@itemx -s
+Make a signature. See @command{gpg}.
+
+@item --recipient @var{user}
+@itemx -r @var{user}
+@opindex recipient
+Encrypt for user id @var{user}. See @command{gpg}.
+
+@item --local-user @var{user}
+@itemx -u @var{user}
+@opindex local-user
+Use @var{user} as the key to sign with. See @command{gpg}.
+
+@item --list-archive
+@opindex list-archive
+List the contents of the specified archive.
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to specified file @var{file}.
+
+@item --gpg @var{gpgcmd}
+@opindex gpg
+Use the specified command @var{gpgcmd} instead of @command{gpg}.
+
+@item --gpg-args @var{args}
+@opindex gpg-args
+Pass the specified options to @command{gpg}.
+
+@item --tar @var{tarcmd}
+@opindex tar
+Use the specified command @var{tarcmd} instead of @command{tar}.
+
+@item --tar-args @var{args}
+@opindex tar-args
+Pass the specified options to @command{tar}.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@end table
+
+@mansect diagnostics
+@noindent
+The program returns 0 if everything was fine, 1 otherwise.
+
+
+@mansect examples
+@ifclear isman
+@noindent
+Some examples:
+
+@end ifclear
+@noindent
+Encrypt the contents of directory @file{mydocs} for user Bob to file
+@file{test1}:
+
+@example
+gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+@end example
+
+@noindent
+List the contents of archive @file{test1}:
+
+@example
+gpg-zip --list-archive test1
+@end example
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{tar}(1),
+@end ifset
+@include see-also-note.texi
diff --git a/doc/version.texi b/doc/version.texi
new file mode 100644
index 0000000..8f6243a
--- /dev/null
+++ b/doc/version.texi
@@ -0,0 +1,4 @@
+@set UPDATED 27 March 2012
+@set UPDATED-MONTH March 2012
+@set EDITION 2.0.19
+@set VERSION 2.0.19
diff --git a/doc/yat2m.c b/doc/yat2m.c
new file mode 100644
index 0000000..a22176c
--- /dev/null
+++ b/doc/yat2m.c
@@ -0,0 +1,1360 @@
+/* yat2m.c - Yet Another Texi 2 Man converter
+ * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ This is a simple textinfo to man page converter. It needs some
+ special markup in th e texinfo and tries best to get a create man
+ page. It has been designed for the GnuPG man pages and thus only
+ a few texinfo commands are supported.
+
+ To use this you need to add the following macros into your texinfo
+ source:
+
+ @macro manpage {a}
+ @end macro
+ @macro mansect {a}
+ @end macro
+ @macro manpause
+ @end macro
+ @macro mancont
+ @end macro
+
+ They are used by yat2m to select parts of the Texinfo which should
+ go into the man page. These macros need to be used without leading
+ left space. Processing starts after a "manpage" macro has been
+ seen. "mansect" identifies the section and yat2m make sure to
+ emit the sections in the proper order. Note that @mansect skips
+ the next input line if that line begins with @section, @subsection or
+ @chapheading.
+
+ To insert verbatim troff markup, the following texinfo code may be
+ used:
+
+ @ifset manverb
+ .B whateever you want
+ @end ifset
+
+ alternativly a special comment may be used:
+
+ @c man:.B whatever you want
+
+ This is useful in case you need just one line. If you want to
+ include parts only in the man page but keep the texinfo
+ translation you may use:
+
+ @ifset isman
+ stuff to be rendered only on man pages
+ @end ifset
+
+ or to exclude stuff from man pages:
+
+ @ifclear isman
+ stuff not to be rendered on man pages
+ @end ifclear
+
+ the keyword @section is ignored, however @subsection gets rendered
+ as ".SS". @menu is completely skipped. Several man pages may be
+ extracted from one file, either using the --store or the --select
+ option.
+
+ If you want to indent tables in the source use this style:
+
+ @table foo
+ @item
+ @item
+ @table
+ @item
+ @end
+ @end
+
+ Don't change the indentation within a table and keep the same
+ number of white space at the start of the line. yat2m simply
+ detects the number of white spaces in front of an @item and remove
+ this number of spaces from all following lines until a new @item
+ is found or there are less spaces than for the last @item.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ctype.h>
+#include <time.h>
+
+
+#define PGM "yat2m"
+#define VERSION "1.0"
+
+/* The maximum length of a line including the linefeed and one extra
+ character. */
+#define LINESIZE 1024
+
+/* Option flags. */
+static int verbose;
+static int quiet;
+static int debug;
+static const char *opt_source;
+static const char *opt_release;
+static const char *opt_select;
+static const char *opt_include;
+static int opt_store;
+
+/* The only define we understand is -D gpgone. Thus we need a simple
+ boolean tro track it. */
+static int gpgone_defined;
+
+/* Flag to keep track whether any error occurred. */
+static int any_error;
+
+
+/* Object to keep macro definitions. */
+struct macro_s
+{
+ struct macro_s *next;
+ char *value; /* Malloced value. */
+ char name[1];
+};
+typedef struct macro_s *macro_t;
+
+/* List of all defined macros. */
+static macro_t macrolist;
+
+
+/* Object to store one line of content. */
+struct line_buffer_s
+{
+ struct line_buffer_s *next;
+ int verbatim; /* True if LINE contains verbatim data. The default
+ is Texinfo source. */
+ char *line;
+};
+typedef struct line_buffer_s *line_buffer_t;
+
+
+/* Object to collect the data of a section. */
+struct section_buffer_s
+{
+ char *name; /* Malloced name of the section. This may be
+ NULL to indicate this slot is not used. */
+ line_buffer_t lines; /* Linked list with the lines of the section. */
+ line_buffer_t *lines_tail; /* Helper for faster appending to the
+ linked list. */
+ line_buffer_t last_line; /* Points to the last line appended. */
+};
+typedef struct section_buffer_s *section_buffer_t;
+
+/* Variable to keep info about the current page together. */
+static struct
+{
+ /* Filename of the current page or NULL if no page is active. Malloced. */
+ char *name;
+
+ /* Number of allocated elements in SECTIONS below. */
+ size_t n_sections;
+ /* Array with the data of the sections. */
+ section_buffer_t sections;
+
+} thepage;
+
+
+/* The list of standard section names. COMMANDS and ASSUAN are GnuPG
+ specific. */
+static const char * const standard_sections[] =
+ { "NAME", "SYNOPSIS", "DESCRIPTION",
+ "RETURN VALUE", "EXIT STATUS", "ERROR HANDLING", "ERRORS",
+ "COMMANDS", "OPTIONS", "USAGE", "EXAMPLES", "FILES",
+ "ENVIRONMENT", "DIAGNOSTICS", "SECURITY", "CONFORMING TO",
+ "ASSUAN", "NOTES", "BUGS", "AUTHOR", "SEE ALSO", NULL };
+
+
+/*-- Local prototypes. --*/
+static void proc_texi_buffer (FILE *fp, const char *line, size_t len,
+ int *table_level, int *eol_action);
+
+
+
+/* Print diagnostic message and exit with failure. */
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+
+ exit (1);
+}
+
+
+/* Print diagnostic message. */
+static void
+err (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ if (strncmp (format, "%s:%d:", 6))
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+ any_error = 1;
+}
+
+/* Print diagnostic message. */
+static void
+inf (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+}
+
+
+static void *
+xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+static void *
+xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+static void *
+xrealloc (void *old, size_t n)
+{
+ void *p = realloc (old, n);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+static char *
+xstrdup (const char *string)
+{
+ void *p = malloc (strlen (string)+1);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ strcpy (p, string);
+ return p;
+}
+
+
+/* Uppercase the ascii characters in STRING. */
+static char *
+ascii_strupr (char *string)
+{
+ char *p;
+
+ for (p = string; *p; p++)
+ if (!(*p & 0x80))
+ *p = toupper (*p);
+ return string;
+}
+
+
+/* Return the current date as an ISO string. */
+const char *
+isodatestring (void)
+{
+ static char buffer[11+5];
+ struct tm *tp;
+ time_t atime = time (NULL);
+
+ if (atime < 0)
+ strcpy (buffer, "????" "-??" "-??");
+ else
+ {
+ tp = gmtime (&atime);
+ sprintf (buffer,"%04d-%02d-%02d",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
+ }
+ return buffer;
+}
+
+
+
+/* Return a section buffer for the section NAME. Allocate a new buffer
+ if this is a new section. Keep track of the sections in THEPAGE.
+ This function may reallocate the section array in THEPAGE. */
+static section_buffer_t
+get_section_buffer (const char *name)
+{
+ int i;
+ section_buffer_t sect;
+
+ /* If there is no section we put everything into the required NAME
+ section. Given that this is the first one listed it is likely
+ that error are easily visible. */
+ if (!name)
+ name = "NAME";
+
+ for (i=0; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ if (sect->name && !strcmp (name, sect->name))
+ return sect;
+ }
+ for (i=0; i < thepage.n_sections; i++)
+ if (!thepage.sections[i].name)
+ break;
+ if (i < thepage.n_sections)
+ sect = thepage.sections + i;
+ else
+ {
+ /* We need to allocate or reallocate the section array. */
+ size_t old_n = thepage.n_sections;
+ size_t new_n = 20;
+
+ if (!old_n)
+ thepage.sections = xcalloc (new_n, sizeof *thepage.sections);
+ else
+ {
+ thepage.sections = xrealloc (thepage.sections,
+ ((old_n + new_n)
+ * sizeof *thepage.sections));
+ memset (thepage.sections + old_n, 0,
+ new_n * sizeof *thepage.sections);
+ }
+ thepage.n_sections += new_n;
+
+ /* Setup the tail pointers. */
+ for (i=old_n; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ sect->lines_tail = &sect->lines;
+ }
+ sect = thepage.sections + old_n;
+ }
+
+ /* Store the name. */
+ assert (!sect->name);
+ sect->name = xstrdup (name);
+ return sect;
+}
+
+
+
+/* Add the content of LINE to the section named SECTNAME. */
+static void
+add_content (const char *sectname, char *line, int verbatim)
+{
+ section_buffer_t sect;
+ line_buffer_t lb;
+
+ sect = get_section_buffer (sectname);
+ if (sect->last_line && !sect->last_line->verbatim == !verbatim)
+ {
+ /* Lets append that line to the last one. We do this to keep
+ all lines of the same kind (i.e.verbatim or not) together in
+ one large buffer. */
+ size_t n1, n;
+
+ lb = sect->last_line;
+ n1 = strlen (lb->line);
+ n = n1 + 1 + strlen (line) + 1;
+ lb->line = xrealloc (lb->line, n);
+ strcpy (lb->line+n1, "\n");
+ strcpy (lb->line+n1+1, line);
+ }
+ else
+ {
+ lb = xcalloc (1, sizeof *lb);
+ lb->verbatim = verbatim;
+ lb->line = xstrdup (line);
+ sect->last_line = lb;
+ *sect->lines_tail = lb;
+ sect->lines_tail = &lb->next;
+ }
+}
+
+
+/* Prepare for a new man page using the filename NAME. */
+static void
+start_page (char *name)
+{
+ if (verbose)
+ inf ("starting page `%s'", name);
+ assert (!thepage.name);
+ thepage.name = xstrdup (name);
+ thepage.n_sections = 0;
+}
+
+
+/* Write the .TH entry of the current page. Return -1 if there is a
+ problem with the page. */
+static int
+write_th (FILE *fp)
+{
+ char *name, *p;
+
+ fputs (".\\\" Created from Texinfo source by yat2m " VERSION "\n", fp);
+
+ name = ascii_strupr (xstrdup (thepage.name));
+ p = strrchr (name, '.');
+ if (!p || !p[1])
+ {
+ err ("no section name in man page `%s'", thepage.name);
+ free (name);
+ return -1;
+ }
+ *p++ = 0;
+ fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
+ name, p, isodatestring (), opt_release, opt_source);
+ return 0;
+}
+
+
+/* Process the texinfo command COMMAND (without the leading @) and
+ write output if needed to FP. REST is the remainer of the line
+ which should either point to an opening brace or to a white space.
+ The function returns the number of characters already processed
+ from REST. LEN is the usable length of REST. TABLE_LEVEL is used to
+ control the indentation of tables. */
+static size_t
+proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
+ int *table_level, int *eol_action)
+{
+ static struct {
+ const char *name; /* Name of the command. */
+ int what; /* What to do with this command. */
+ const char *lead_in; /* String to print with a opening brace. */
+ const char *lead_out;/* String to print with the closing brace. */
+ } cmdtbl[] = {
+ { "command", 0, "\\fB", "\\fR" },
+ { "code", 0, "\\fB", "\\fR" },
+ { "sc", 0, "\\fB", "\\fR" },
+ { "var", 0, "\\fI", "\\fR" },
+ { "samp", 0, "\\(aq", "\\(aq" },
+ { "file", 0, "\\(oq\\fI","\\fR\\(cq" },
+ { "env", 0, "\\(oq\\fI","\\fR\\(cq" },
+ { "acronym", 0 },
+ { "dfn", 0 },
+ { "option", 0, "\\fB", "\\fR" },
+ { "example", 1, ".RS 2\n.nf\n" },
+ { "smallexample", 1, ".RS 2\n.nf\n" },
+ { "asis", 7 },
+ { "anchor", 7 },
+ { "cartouche", 1 },
+ { "xref", 0, "see: [", "]" },
+ { "pxref", 0, "see: [", "]" },
+ { "uref", 0, "(\\fB", "\\fR)" },
+ { "footnote",0, " ([", "])" },
+ { "emph", 0, "\\fI", "\\fR" },
+ { "w", 1 },
+ { "c", 5 },
+ { "opindex", 1 },
+ { "cpindex", 1 },
+ { "cindex", 1 },
+ { "noindent", 0 },
+ { "section", 1 },
+ { "chapter", 1 },
+ { "subsection", 6, "\n.SS " },
+ { "chapheading", 0},
+ { "item", 2, ".TP\n.B " },
+ { "itemx", 2, ".TP\n.B " },
+ { "table", 3 },
+ { "itemize", 3 },
+ { "bullet", 0, "* " },
+ { "end", 4 },
+ { "quotation",1, ".RS\n\\fB" },
+ { NULL }
+ };
+ size_t n;
+ int i;
+ const char *s;
+ const char *lead_out = NULL;
+ int ignore_args = 0;
+
+ for (i=0; cmdtbl[i].name && strcmp (cmdtbl[i].name, command); i++)
+ ;
+ if (cmdtbl[i].name)
+ {
+ s = cmdtbl[i].lead_in;
+ if (s)
+ fputs (s, fp);
+ lead_out = cmdtbl[i].lead_out;
+ switch (cmdtbl[i].what)
+ {
+ case 1: /* Throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ case 2: /* Handle @item. */
+ break;
+ case 3: /* Handle table. */
+ if (++(*table_level) > 1)
+ fputs (".RS\n", fp);
+ /* Now throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ break;
+ case 4: /* Handle end. */
+ for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--)
+ ;
+ if (n >= 5 && !memcmp (s, "table", 5)
+ && (!n || s[5] == ' ' || s[5] == '\t' || s[5] == '\n'))
+ {
+ if ((*table_level)-- > 1)
+ fputs (".RE\n", fp);
+ }
+ else if (n >= 7 && !memcmp (s, "example", 7)
+ && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n'))
+ {
+ fputs (".fi\n.RE\n", fp);
+ }
+ else if (n >= 12 && !memcmp (s, "smallexample", 12)
+ && (!n || s[12] == ' ' || s[12] == '\t' || s[12] == '\n'))
+ {
+ fputs (".fi\n.RE\n", fp);
+ }
+ else if (n >= 9 && !memcmp (s, "quotation", 9)
+ && (!n || s[9] == ' ' || s[9] == '\t' || s[9] == '\n'))
+ {
+ fputs ("\\fR\n.RE\n", fp);
+ }
+ /* Now throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ case 5: /* Handle special comments. */
+ for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--)
+ ;
+ if (n >= 4 && !memcmp (s, "man:", 4))
+ {
+ for (s+=4, n-=4; n && *s != '\n'; n--, s++)
+ putc (*s, fp);
+ putc ('\n', fp);
+ }
+ /* Now throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ case 6:
+ *eol_action = 1;
+ break;
+ case 7:
+ ignore_args = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, command))
+ break;
+ if (m)
+ {
+ proc_texi_buffer (fp, m->value, strlen (m->value),
+ table_level, eol_action);
+ ignore_args = 1; /* Parameterized macros are not yet supported. */
+ }
+ else
+ inf ("texinfo command `%s' not supported (%.*s)", command,
+ ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest);
+ }
+
+ if (*rest == '{')
+ {
+ /* Find matching closing brace. */
+ for (s=rest+1, n=1, i=1; i && *s && n < len; s++, n++)
+ if (*s == '{')
+ i++;
+ else if (*s == '}')
+ i--;
+ if (i)
+ {
+ err ("closing brace for command `%s' not found", command);
+ return len;
+ }
+ if (n > 2 && !ignore_args)
+ proc_texi_buffer (fp, rest+1, n-2, table_level, eol_action);
+ }
+ else
+ n = 0;
+
+ if (lead_out)
+ fputs (lead_out, fp);
+
+ return n;
+}
+
+
+
+/* Process the string LINE with LEN bytes of Texinfo content. */
+static void
+proc_texi_buffer (FILE *fp, const char *line, size_t len,
+ int *table_level, int *eol_action)
+{
+ const char *s;
+ char cmdbuf[256];
+ int cmdidx = 0;
+ int in_cmd = 0;
+ size_t n;
+
+ for (s=line; *s && len; s++, len--)
+ {
+ if (in_cmd)
+ {
+ if (in_cmd == 1)
+ {
+ switch (*s)
+ {
+ case '@': case '{': case '}':
+ putc (*s, fp); in_cmd = 0;
+ break;
+ case ':': /* Not ending a sentence flag. */
+ in_cmd = 0;
+ break;
+ case '.': case '!': case '?': /* Ending a sentence. */
+ putc (*s, fp); in_cmd = 0;
+ break;
+ case ' ': case '\t': case '\n': /* Non collapsing spaces. */
+ putc (*s, fp); in_cmd = 0;
+ break;
+ default:
+ cmdidx = 0;
+ cmdbuf[cmdidx++] = *s;
+ in_cmd++;
+ break;
+ }
+ }
+ else if (*s == '{' || *s == ' ' || *s == '\t' || *s == '\n')
+ {
+ cmdbuf[cmdidx] = 0;
+ n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action);
+ assert (n <= len);
+ s += n; len -= n;
+ s--; len++;
+ in_cmd = 0;
+ }
+ else if (cmdidx < sizeof cmdbuf -1)
+ cmdbuf[cmdidx++] = *s;
+ else
+ {
+ err ("texinfo command too long - ignored");
+ in_cmd = 0;
+ }
+ }
+ else if (*s == '@')
+ in_cmd = 1;
+ else if (*s == '\n')
+ {
+ switch (*eol_action)
+ {
+ case 1: /* Create a dummy paragraph. */
+ fputs ("\n\\ \n", fp);
+ break;
+ default:
+ putc (*s, fp);
+ }
+ *eol_action = 0;
+ }
+ else if (*s == '\\')
+ fputs ("\\\\", fp);
+ else
+ putc (*s, fp);
+ }
+
+ if (in_cmd > 1)
+ {
+ cmdbuf[cmdidx] = 0;
+ n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action);
+ assert (n <= len);
+ s += n; len -= n;
+ s--; len++;
+ in_cmd = 0;
+ }
+}
+
+
+/* Do something with the Texinfo line LINE. */
+static void
+parse_texi_line (FILE *fp, const char *line, int *table_level)
+{
+ int eol_action = 0;
+
+ /* A quick test whether there are any texinfo commands. */
+ if (!strchr (line, '@'))
+ {
+ fputs (line, fp);
+ putc ('\n', fp);
+ return;
+ }
+ proc_texi_buffer (fp, line, strlen (line), table_level, &eol_action);
+ putc ('\n', fp);
+}
+
+
+/* Write all the lines LINES to FP. */
+static void
+write_content (FILE *fp, line_buffer_t lines)
+{
+ line_buffer_t line;
+ int table_level = 0;
+
+ for (line = lines; line; line = line->next)
+ {
+ if (line->verbatim)
+ {
+ fputs (line->line, fp);
+ putc ('\n', fp);
+ }
+ else
+ {
+/* fputs ("TEXI---", fp); */
+/* fputs (line->line, fp); */
+/* fputs ("---\n", fp); */
+ parse_texi_line (fp, line->line, &table_level);
+ }
+ }
+}
+
+
+
+static int
+is_standard_section (const char *name)
+{
+ int i;
+ const char *s;
+
+ for (i=0; (s=standard_sections[i]); i++)
+ if (!strcmp (s, name))
+ return 1;
+ return 0;
+}
+
+
+/* Finish a page; that is sort the data and write it out to the file. */
+static void
+finish_page (void)
+{
+ FILE *fp;
+ section_buffer_t sect = NULL;
+ int idx;
+ const char *s;
+ int i;
+
+ if (!thepage.name)
+ return; /* No page active. */
+
+ if (verbose)
+ inf ("finishing page `%s'", thepage.name);
+
+ if (opt_select)
+ {
+ if (!strcmp (opt_select, thepage.name))
+ {
+ inf ("selected `%s'", thepage.name );
+ fp = stdout;
+ }
+ else
+ {
+ fp = fopen ( "/dev/null", "w" );
+ if (!fp)
+ die ("failed to open /dev/null: %s\n", strerror (errno));
+ }
+ }
+ else if (opt_store)
+ {
+ inf ("writing `%s'", thepage.name );
+ fp = fopen ( thepage.name, "w" );
+ if (!fp)
+ die ("failed to create `%s': %s\n", thepage.name, strerror (errno));
+ }
+ else
+ fp = stdout;
+
+ if (write_th (fp))
+ goto leave;
+
+ for (idx=0; (s=standard_sections[idx]); idx++)
+ {
+ for (i=0; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ if (sect->name && !strcmp (s, sect->name))
+ break;
+ }
+ if (i == thepage.n_sections)
+ sect = NULL;
+
+ if (sect)
+ {
+ fprintf (fp, ".SH %s\n", sect->name);
+ write_content (fp, sect->lines);
+ /* Now continue with all non standard sections directly
+ following this one. */
+ for (i++; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ if (sect->name && is_standard_section (sect->name))
+ break;
+ if (sect->name)
+ {
+ fprintf (fp, ".SH %s\n", sect->name);
+ write_content (fp, sect->lines);
+ }
+ }
+
+ }
+ }
+
+
+ leave:
+ if (fp != stdout)
+ fclose (fp);
+ free (thepage.name);
+ thepage.name = NULL;
+ /* FIXME: Cleanup the content. */
+}
+
+
+
+
+/* Parse one Texinfo file and create manpages according to the
+ embedded instructions. */
+static void
+parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
+{
+ char *line;
+ int lnr = 0;
+ /* Fixme: The following state variables don't carry over to include
+ files. */
+ int in_verbatim = 0;
+ int skip_to_end = 0; /* Used to skip over menu entries. */
+ int skip_sect_line = 0; /* Skip after @mansect. */
+ int ifset_nesting = 0; /* How often a ifset has been seen. */
+ int ifclear_nesting = 0; /* How often a ifclear has been seen. */
+ int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
+ int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
+ int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
+ int item_indent = 0; /* How far is the current @item indented. */
+
+ /* Helper to define a macro. */
+ char *macroname = NULL;
+ char *macrovalue = NULL;
+ size_t macrovaluesize = 0;
+ size_t macrovalueused = 0;
+
+ line = xmalloc (LINESIZE);
+ while (fgets (line, LINESIZE, fp))
+ {
+ size_t n = strlen (line);
+ int got_line = 0;
+ char *p;
+
+ lnr++;
+ if (!n || line[n-1] != '\n')
+ {
+ err ("%s:%d: trailing linefeed missing, line too long or "
+ "embedded Nul character", fname, lnr);
+ break;
+ }
+ line[--n] = 0;
+
+ /* Kludge to allow indentation of tables. */
+ for (p=line; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (*p)
+ {
+ if (*p == '@' && !strncmp (p+1, "item", 4))
+ item_indent = p - line; /* Set a new indent level. */
+ else if (p - line < item_indent)
+ item_indent = 0; /* Switch off indention. */
+
+ if (item_indent)
+ {
+ memmove (line, line+item_indent, n - item_indent + 1);
+ n -= item_indent;
+ }
+ }
+
+
+ if (*line == '@')
+ {
+ for (p=line+1, n=1; *p && *p != ' ' && *p != '\t'; p++)
+ n++;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ }
+ else
+ p = line;
+
+ /* Take action on macro. */
+ if (macroname)
+ {
+ if (n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t'||!line[4])
+ && !strncmp (p, "macro", 5)
+ && (p[5]==' '||p[5]=='\t'||!p[5]))
+ {
+ macro_t m;
+
+ if (macrovalueused)
+ macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
+ macrovalue[macrovalueused] = 0; /* Terminate macro. */
+ macrovalue = xrealloc (macrovalue, macrovalueused+1);
+
+ for (m= macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+ free (macroname);
+ macroname = NULL;
+ }
+ else
+ {
+ if (macrovalueused + strlen (line) + 2 >= macrovaluesize)
+ {
+ macrovaluesize += strlen (line) + 256;
+ macrovalue = xrealloc (macrovalue, macrovaluesize);
+ }
+ strcpy (macrovalue+macrovalueused, line);
+ macrovalueused += strlen (line);
+ macrovalue[macrovalueused++] = '\n';
+ }
+ continue;
+ }
+
+
+ if (n >= 5 && !memcmp (line, "@node", 5)
+ && (line[5]==' '||line[5]=='\t'||!line[5]))
+ {
+ /* Completey ignore @node lines. */
+ continue;
+ }
+
+
+ if (skip_sect_line)
+ {
+ skip_sect_line = 0;
+ if (!strncmp (line, "@section", 8)
+ || !strncmp (line, "@subsection", 11)
+ || !strncmp (line, "@chapheading", 12))
+ continue;
+ }
+
+ /* We only parse lines we need and ignore the rest. There are a
+ few macros used to control this as well as one @ifset
+ command. Parts we know about are saved away into containers
+ separate for each section. */
+
+ /* First process ifset/ifclear commands. */
+ if (*line == '@')
+ {
+ if (n == 6 && !memcmp (line, "@ifset", 6)
+ && (line[6]==' '||line[6]=='\t'))
+ {
+ ifset_nesting++;
+
+ if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ {
+ if (in_verbatim)
+ err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
+ else
+ in_verbatim = ifset_nesting;
+ }
+ else if (!strncmp (p, "gpgone", 6)
+ && (p[6]==' '||p[6]=='\t'||!p[6]))
+ {
+ if (in_gpgone)
+ err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
+ else
+ in_gpgone = ifset_nesting;
+ }
+ continue;
+ }
+ else if (n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t')
+ && !strncmp (p, "ifset", 5)
+ && (p[5]==' '||p[5]=='\t'||!p[5]))
+ {
+ if (in_verbatim && ifset_nesting == in_verbatim)
+ in_verbatim = 0;
+ if (in_gpgone && ifset_nesting == in_gpgone)
+ in_gpgone = 0;
+
+ if (ifset_nesting)
+ ifset_nesting--;
+ else
+ err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ ifclear_nesting++;
+
+ if (!strncmp (p, "gpgone", 6)
+ && (p[6]==' '||p[6]=='\t'||!p[6]))
+ {
+ if (not_in_gpgone)
+ err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
+ else
+ not_in_gpgone = ifclear_nesting;
+ }
+
+ else if (!strncmp (p, "isman", 5)
+ && (p[5]==' '||p[5]=='\t'||!p[5]))
+ {
+ if (not_in_man)
+ err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
+ else
+ not_in_man = ifclear_nesting;
+ }
+
+ continue;
+ }
+ else if (n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t')
+ && !strncmp (p, "ifclear", 7)
+ && (p[7]==' '||p[7]=='\t'||!p[7]))
+ {
+ if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
+ not_in_gpgone = 0;
+ if (not_in_man && ifclear_nesting == not_in_man)
+ not_in_man = 0;
+
+ if (ifclear_nesting)
+ ifclear_nesting--;
+ else
+ err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ continue;
+ }
+ }
+
+ /* Take action on ifset/ifclear. */
+ if ( (in_gpgone && !gpgone_defined)
+ || (not_in_gpgone && gpgone_defined)
+ || not_in_man)
+ continue;
+
+ /* Process commands. */
+ if (*line == '@')
+ {
+ if (skip_to_end
+ && n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t'||!line[4]))
+ {
+ skip_to_end = 0;
+ }
+ else if (in_verbatim)
+ {
+ got_line = 1;
+ }
+ else if (n == 6 && !memcmp (line, "@macro", 6))
+ {
+ macroname = xstrdup (p);
+ macrovalue = xmalloc ((macrovaluesize = 1024));
+ macrovalueused = 0;
+ }
+ else if (n == 8 && !memcmp (line, "@manpage", 8))
+ {
+ free (*section_name);
+ *section_name = NULL;
+ finish_page ();
+ start_page (p);
+ in_pause = 0;
+ }
+ else if (n == 8 && !memcmp (line, "@mansect", 8))
+ {
+ if (!thepage.name)
+ err ("%s:%d: section outside of a man page", fname, lnr);
+ else
+ {
+ free (*section_name);
+ *section_name = ascii_strupr (xstrdup (p));
+ in_pause = 0;
+ skip_sect_line = 1;
+ }
+ }
+ else if (n == 9 && !memcmp (line, "@manpause", 9))
+ {
+ if (!*section_name)
+ err ("%s:%d: pausing outside of a man section", fname, lnr);
+ else if (in_pause)
+ err ("%s:%d: already pausing", fname, lnr);
+ else
+ in_pause = 1;
+ }
+ else if (n == 8 && !memcmp (line, "@mancont", 8))
+ {
+ if (!*section_name)
+ err ("%s:%d: continue outside of a man section", fname, lnr);
+ else if (!in_pause)
+ err ("%s:%d: continue while not pausing", fname, lnr);
+ else
+ in_pause = 0;
+ }
+ else if (n == 5 && !memcmp (line, "@menu", 5)
+ && (line[5]==' '||line[5]=='\t'||!line[5]))
+ {
+ skip_to_end = 1;
+ }
+ else if (n == 8 && !memcmp (line, "@include", 8)
+ && (line[8]==' '||line[8]=='\t'||!line[8]))
+ {
+ char *incname = xstrdup (p);
+ FILE *incfp = fopen (incname, "r");
+
+ if (!incfp && opt_include && *opt_include && *p != '/')
+ {
+ free (incname);
+ incname = xmalloc (strlen (opt_include) + 1
+ + strlen (p) + 1);
+ strcpy (incname, opt_include);
+ if ( incname[strlen (incname)-1] != '/' )
+ strcat (incname, "/");
+ strcat (incname, p);
+ incfp = fopen (incname, "r");
+ }
+
+ if (!incfp)
+ err ("can't open include file `%s':%s",
+ incname, strerror (errno));
+ else
+ {
+ parse_file (incname, incfp, section_name, in_pause);
+ fclose (incfp);
+ }
+ free (incname);
+ }
+ else if (n == 4 && !memcmp (line, "@bye", 4)
+ && (line[4]==' '||line[4]=='\t'||!line[4]))
+ {
+ break;
+ }
+ else if (!skip_to_end)
+ got_line = 1;
+ }
+ else if (!skip_to_end)
+ got_line = 1;
+
+ if (got_line && in_verbatim)
+ add_content (*section_name, line, 1);
+ else if (got_line && thepage.name && *section_name && !in_pause)
+ add_content (*section_name, line, 0);
+
+ }
+ if (ferror (fp))
+ err ("%s:%d: read error: %s", fname, lnr, strerror (errno));
+ free (macroname);
+ free (macrovalue);
+ free (line);
+}
+
+
+static void
+top_parse_file (const char *fname, FILE *fp)
+{
+ char *section_name = NULL; /* Name of the current section or NULL
+ if not in a section. */
+ while (macrolist)
+ {
+ macro_t next = macrolist->next;
+ free (macrolist->value);
+ free (macrolist);
+ macrolist = next;
+ }
+
+ parse_file (fname, fp, &section_name, 0);
+ free (section_name);
+ finish_page ();
+}
+
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+
+ opt_source = "GNU";
+ opt_release = "";
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--help"))
+ {
+ puts (
+ "Usage: " PGM " [OPTION] [FILE]\n"
+ "Extract man pages from a Texinfo source.\n\n"
+ " --source NAME use NAME as source field\n"
+ " --release STRING use STRING as the release field\n"
+ " --store write output using @manpage name\n"
+ " --select NAME only output pages with @manpage NAME\n"
+ " --verbose enable extra informational output\n"
+ " --debug enable additional debug output\n"
+ " --help display this help and exit\n"
+ " -I DIR also search in include DIR\n"
+ " -D gpgone the only useable define\n\n"
+ "With no FILE, or when FILE is -, read standard input.\n\n"
+ "Report bugs to <bugs@g10code.com>.");
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--version"))
+ {
+ puts (PGM " " VERSION "\n"
+ "Copyright (C) 2005 g10 Code GmbH\n"
+ "This program comes with ABSOLUTELY NO WARRANTY.\n"
+ "This is free software, and you are welcome to redistribute it\n"
+ "under certain conditions. See the file COPYING for details.");
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--quiet"))
+ {
+ quiet = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--debug"))
+ {
+ verbose = debug = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--source"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_source = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "--release"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_release = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "--store"))
+ {
+ opt_store = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--select"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_select = strrchr (*argv, '/');
+ if (opt_select)
+ opt_select++;
+ else
+ opt_select = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "-I"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_include = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "-D"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ if (!strcmp (*argv, "gpgone"))
+ gpgone_defined = 1;
+ argc--; argv++;
+ }
+ }
+ }
+
+ if (argc > 1)
+ die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n");
+
+ /* Start processing. */
+ if (argc && strcmp (*argv, "-"))
+ {
+ FILE *fp = fopen (*argv, "rb");
+ if (!fp)
+ die ("%s:0: can't open file: %s", *argv, strerror (errno));
+ top_parse_file (*argv, fp);
+ fclose (fp);
+ }
+ else
+ top_parse_file ("-", stdin);
+
+ return !!any_error;
+}
+
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -g -Wall -o yat2m yat2m.c"
+End:
+*/
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-23 22:11:34 +0000